Getting locked out of an online account is the 21st century equivalent of being wrongfully jailed. This might sound like hyperbole, but the people I’ve talked to who have gotten completely locked out of critical accounts such as their Facebook for business would agree. In today’s digital world, losing access to our online accounts can mean losing access to our livelihoods, our memories, and our social connections. The traditional method of account recovery, the email password reset, is a single point of failure. If your email is compromised, all of your other accounts are vulnerable. That’s why at Locke ID, we’ve developed a better way: Social Recovery.
What is Social Recovery?
Social Recovery is a feature that allows you to designate trusted individuals, whom we call “recoverers,” to help you regain access to your Locke ID account if you ever forget your master password. Instead of relying on a single email address, Social Recovery distributes the responsibility of account recovery among your trusted network of family and friends. It’s like having multiple spare keys to your digital life, each held by someone you trust.
Here’s how it works: When you set up Social Recovery, you select a few trusted individuals to be your recoverers. If you ever get locked out of your account, we’ll send a unique 6-digit code to each of your recoverers. You’ll then need to collect a certain number of these codes (a “threshold” you set) and enter them to regain access. For example, you could set up five recoverers and require codes from at least three of them to recover your account. This is similar to a nuclear launch that requires two keys to be turned at the same time; Locke requires that at least 2 of the codes are entered before your account is recovered.
The Power of Shamir’s Secret Sharing
To make Social Recovery possible, we use a powerful cryptographic technique called Shamir’s Secret Sharing. This method allows us to split your master password into multiple encrypted “shards.” Each of your recoverers holds one of these shards. Individually, a single shard is useless and reveals no information about your password. But when the required number of shards is brought together, they can be used to reconstruct your password and unlock your account. This process is fully end-to-end encrypted, meaning that not even we at Locke can see your password.
This threshold approach is a significant improvement over the “timed gate” approach used by some of our competitors, like Bitwarden. A timed gate approach simply puts a waiting period on account recovery, which can be inconvenient and doesn’t offer the same level of security against a compromised email account. With Locke ID’s Social Recovery, you are in control, and your security is reinforced by your community.
Your Digital Estate Plan
Social Recovery is more than just a password reset feature; it’s a vital part of your digital estate plan. In the event of your passing or incapacitation, your designated recoverers can use Social Recovery to access your Locke ID vault. This can be crucial for settling your affairs, managing your business, or ensuring your digital assets are passed on to your loved ones. By setting up Social Recovery, you’re not just protecting yourself from getting locked out; you’re also providing a secure and seamless way for your trusted contacts to manage your digital legacy.
We believe in Security Through Community. By empowering your trusted network to help you in times of need, we’re building a more secure and resilient digital world. Set up Social Recovery today and experience the peace of mind that comes with knowing your digital life is protected by the people you trust most.