Login with Google or Apple Security FAQs

  • Updated

Is login with Google/Apple secure?

This protocol is non-custodial by design. The only point where a seed exists in full is on the user’s device after they have successfully authenticated with their email and PIN.

When a seed is backed up, the seed itself exists on Phantom’s backend in ciphertext (encrypted) form, while the encryption key is split into shares across the Juicebox network and Phantom’s backend. No single party, outside of the user, is ever able to reconstruct the seed in plaintext.

 

What is the 4-digit PIN used for?

As part of the Google/Apple login wallet, a user must create, remember, and enter a 4 digit PIN. This PIN must be provided to recover your wallet. Phantom cannot help you remember or recover your PIN for you.

This PIN is used as part of the Google/Apple Phantom account to ensure that nobody beyond yourself can recover your wallet. The PIN is used to encrypt part of your Google/Apple Phantom account to Juicebox such that nobody without the PIN can recover that part of the wallet. It essentially acts as a second factor such that both an email and a PIN is required for wallet recovery.

 

Is my wallet secure if X happens?

This login method was designed such that no single piece of information nor part of the protocol could cause unauthorized access. The following is a list of attack scenarios under which your wallet is still safe.

  1. Email: Even if an attacker gets access to your email, without the PIN they will not be able to recover your wallet
  2. PIN: Vice versa, without email access the attacker is unable to recover your wallet. Both email and PIN are required for recovery
  3. Phantom’s backend: Our backend only holds a subset of data required for recovery. i.e. Phantom only holds an encryption of the seed as well as one (out of two) required shares of the decryption key
  4. Juicebox Realm: As long as a threshold of Juicebox realms are non-malicious there is no way for an attacker to recover the Juicebox share of the recovery key
  5. Juicebox Protocol: In the case that the entire Juicebox protocol is compromised, the attacker is still unable to access your wallet given the second decryption key share exists on Phantom’s infrastructure.

 

What is Juicebox?

Juicebox is a decentralized, distributed secret storage protocol. It allows users to store a secret piece of data gated by a 4 digit PIN. The secret data is split amongst a network of nodes (i.e realms) such that no single node is able to reconstruct the original secret.

 

What happens if Juicebox shuts down?

Juicebox itself is an open source protocol, so the code to run Juicebox realms will always be available. However, third party Juicebox realm providers could choose to shut down. If so, as long as a threshold of realm providers are still operating, this feature will still work as normal. If not, Phantom will ensure that the shutting down realm provider can safely transition their realm state to a new realm provider.

Note: even if the whole feature goes down, as long as a user has a device that has logged in using Google or Apple, their wallet will always be available locally on that device.

 

What happens if Phantom shuts down?

If Phantom shuts down, the recovery protocol will be unavailable. However, any device that has logged in and recovered a Google or Apple account will still be able to be used as normal.

 

Does Phantom have access to my funds?

No, this protocol is designed in a distributed way such that the only person that can access your funds are yourself with your email and PIN. Phantom can never:

  • Move your assets without your signature.
  • Access or view your private keys or funds.
  • Block you from accessing and moving your funds.

Was this article helpful?

3 out of 4 found this helpful
Can't find what you're looking for?

Start a chat