Native on-chain multi-factor recovery and access is one of the features that differentiates Radix from other L1s. Earlier this year, we paused work on this due to the expected timelines and expected costs, and as part of the restructure of the foundation team.
In the months following, work has been ongoing to review the status of MFA in the Radix Wallet, and today we’re pleased to announce that work is restarting on MFA. We’re taking a different approach to what was proposed prior to the restructure, in order to prioritize incremental delivery. That means trimming down the feature set to the most needed ingredients to bring MFA to life, rather than the all-or-nothing approach previously pursued.
This means we will be rolling out MFA in 3 distinct phases. Initially, we will launch these on Stokenet before enabling them on Mainnet, with the main intent of finding any potential issues with a wider audience as well as gathering feedback on the general UX. Making MFA intuitive is as important as making it work, which is why we’re starting with a Stokenet deployment.
How does MFA work
Everything MFA is facilitated by the on-chain Access Controller component, which defines how you access and control your account.
With MFA, an account is able to update this Access Controller to be controlled by a rule set of factors rather than just a single seed phrase/hardware account as it is now. The rule set of factors can include your phone, Ledger, Arculus Card, an off-device mnemonic, or even another trusted person.
In the Radix Wallet, the Access Controller is represented by the “Security Shield”, which is a simplified, more intuitive representation of an Access Controller configuration.
The Security Shield is composed of:
- Regular access configuration - the factor rule set used for signing transactions.
- Login and Prove ownership factor - the factor required to log into dApps.
- Start Recovery configuration - the factor rule set used to start the recovery process.
- Confirm Recovery configuration - the factor rule set to finish the recovery process.
You can learn more about how multi-factor Smart Accounts on Radix work here, and how the Access Controller works here.
Improvements to Signing Radix Transactions
Once you set up a Security Shield for your account, the way you sign transactions can change as well. The Radix Wallet currently asks for “one tap”, where you use a single factor like your biometrics or Ledger hardware wallet, to sign a transaction.
With MFA, the wallet will instead check your Security Shield rules and enforce them. This could mean using your phone and Ledger, or maybe your phone plus Arculus Card, or the same as it is now, with a single factor. It all depends on what you as a user have set up.
This entire process gives you, the account owner, control of your assets in an intuitive and user-friendly way.
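The rule check described in the two sections above can be sketched as follows. This is an added example, not code from Radix or the Radix Wallet: the type names, the "at least k of these factors" rule format and the sample shield are assumptions made for illustration.

```rust
use std::collections::HashSet;

// Hypothetical model for illustration; not the Radix Access Controller API.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
enum Factor { Phone, Ledger, ArculusCard, OffDeviceMnemonic, TrustedPerson }
#[derive(Clone, Copy, Debug)]
enum Role { RegularAccess, LoginAndProve, StartRecovery, ConfirmRecovery }

// Assumption: a rule set means "at least `threshold` of these factors".
struct RuleSet { threshold: usize, factors: HashSet<Factor> }
impl RuleSet {
    fn new(threshold: usize, factors: &[Factor]) -> Self {
        RuleSet { threshold, factors: factors.iter().copied().collect() }
    }
    // Fails closed on a misconfigured rule; factors the rule does not name never count.
    fn satisfied_by(&self, presented: &HashSet<Factor>) -> bool {
        if self.threshold == 0 || self.threshold > self.factors.len() { return false; }
        self.factors.intersection(presented).count() >= self.threshold
    }
}

struct SecurityShield { regular: RuleSet, login: RuleSet, start_recovery: RuleSet, confirm_recovery: RuleSet }
impl SecurityShield {
    fn allows(&self, role: Role, presented: &[Factor]) -> bool {
        let presented: HashSet<Factor> = presented.iter().copied().collect();
        let rule = match role {
            Role::RegularAccess => &self.regular,
            Role::LoginAndProve => &self.login,
            Role::StartRecovery => &self.start_recovery,
            Role::ConfirmRecovery => &self.confirm_recovery,
        };
        rule.satisfied_by(&presented)
    }
}

// Constructed sample shield: each role has its own rule set.
fn sample_shield() -> SecurityShield {
    SecurityShield {
        regular: RuleSet::new(2, &[Factor::Phone, Factor::Ledger, Factor::ArculusCard]),
        login: RuleSet::new(1, &[Factor::Phone]),
        start_recovery: RuleSet::new(1, &[Factor::Ledger, Factor::TrustedPerson]),
        confirm_recovery: RuleSet::new(1, &[Factor::OffDeviceMnemonic]),
    }
}

fn main() {
    let s = sample_shield();
    println!("phone+ledger signs: {}", s.allows(Role::RegularAccess, &[Factor::Phone, Factor::Ledger]));
    println!("phone alone signs: {}", s.allows(Role::RegularAccess, &[Factor::Phone]));
}
```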
MFA Roll Out Phases
Upgrading the Radix Wallet to support on-chain access control and MFA is complex and a paradigm shift in many ways. Rather than drop it all at once, we’re going to roll it out step by step so the Radix community and ecosystem can test early and provide feedback as it evolves.
These phases will launch on Stokenet first, and once feedback and testing are complete on all three phases, they will be moved to the Mainnet deployment.
Important: Although Stokenet is a testnet, Stokenet accounts used to test MFA functionality during the testing phase may encounter issues, potentially permanently preventing access to those accounts. We therefore recommend creating new, dedicated MFA testing accounts on Stokenet with this in mind. If that happens, you will be able to recover access to the affected accounts once Phases 2 and 3 are released.
Phase 1: Create a Security Shield & Sign with It
- You will be able to configure a Security Shield.
- Create and submit a transaction to apply the shield on your Account or Persona.
- See the on-chain shield configuration in your Account or Persona details.
- When signing a transaction, the factors you sign with are based on the shield configuration, and not the factor you have used to create the account in the first place. This in essence will exercise the Regular Access configuration mentioned above.
- When logging into dApps you will be signing with the factor configured for the “Log In and Prove Ownership” function of the Security Shield.
In Phase 1, the main feedback we are looking for is whether the setup flow makes sense and whether the wallet behaves the way you would expect when signing transactions. We’re also keen to understand if the terminology used (such as “Security Shield”) is easily understood or if there are better ways to explain this to users.
Phase 2: Update Your Shield
- You will be able to update your Account/Persona shield configuration. This will exercise the Start Recovery and Confirm Recovery configurations, or a timed delay where that applies.
In this phase, the main feedback we’re seeking is any unexpected behaviours or unclear user-flows.
Phase 3: Recovery without a backup
- You will be able to regain access to your shielded accounts/personas if you lose your phone or the wallet backup.
What’s Next
Stay tuned for Phase 1 release. It’s coming. Soon.