The daily spending wallet described in this reference design is designed to make backup as easy as possible for the user. As a result, the default flow is one where the user opts-in to a cloud backup.
However, some users may not be comfortable with the idea of their recovery phrase on a cloud server. So in accordance with the design principles of self-custody and transparency, this wallet also offers a manual backup option.
A note about channel state #
The lightning channel state is subject to change frequently, particularly if the user truly uses the daily spending wallet every day as the name would imply. As a result, we can’t think about the channel state as being a one-time backup. Channel state must be backed-up everytime the state is updated.
As a result, this wallet requires channel state to be backed up automatically to a cloud provider on each payment. Allowing for it to be backed up manually would create a false sense of security and will likely result in user error.
This requirement is designed to protect the user. In the event that a 3rd party manages to obtain the channel state from the cloud storage, there is not a lot they can do because it is encrypted using the user’s recovery phrase.
So when we talk about “manual backup” in regard to this wallet, we are strictly talking about manual backup of the recovery phrase.
Backing up the recovery phrase #
This user flow usually requires users to manually back up their 12 to 24 word recovery phrase by writing it down on a piece of paper and storing it in a safe (but memorable location). In the case that a user’s device breaks or is stolen, the user can recover their funds and wallet by correctly entering their recovery phrase. The private key management section dives further into the technical details of this scheme.
How to talk about a recovery phrase #
When introducing the concept of a recovery phrase, be succinct and clear in explaining what it is, how to store it, and how to use it. Examples of some microcopy that you might include before unveiling a user’s recovery phrase can be found below:
- “You will be shown your recovery phrase on the next screen”
Prepares a user for what they are about to see.
- “Your recovery phrase is a group of 12 random words”
Explains to users what a recovery phrase is.
- “Your recovery phrase is the only way to access your wallet if your phone is lost or stolen.”
Explains to users what the purpose of a recovery phrase is and why it’s important.
- “If you lose your recovery phrase, you will no longer be able to access your wallet. Never share your recovery phrase with anyone. Anyone who has it can access your funds.”
Explains to users what the consequences of their behavior is, and how it can affect the safety of their funds.
- “We recommend writing these words down in order on a piece of paper and storing it somewhere safe that you will remember.”
Guides and gives users actionable items on how to safely handle their recovery phrase.
Drilling in the larger consequences of what it means to interact with a self-custodial product is important during these first interactions with a wallet. Education within these beginning stages will empower users to make smart decisions, further informing how they understand and handle the safety of their funds.
How to display a recovery phrase #
The goal of the following flow is to encourage users to write down their recovery phrase on a physical piece of paper. This app disables screenshots on any screens that display a recovery phrase and, to be safe, also warns the user against screenshotting or photographing their recovery phrase.
Tip: Be Clear about Numbering
Note that this wallet explicitly instructs users to number each word (e.g. 1. sand 2. purple 3. flower). This is important because they will be asked to confirm their recovery phrase in a later step. It’s a bit of a pain for users to count which word corresponds to a particular number if they are not numbered initially.
Print template #
This wallet also offers the user a printable template they can use to write down their recovery phrase. This can help instill a sense of trust, guidance, and organization (especially if they have multiple wallets). It may also encourage them to treat this designated paper with importance rather than quickly scribbling it down on a random scrap. Here is an example template.
Some non-sensitive data (such as the name of your wallet or the derivation path) could be included pre-filled in the template. An output script descriptor could be included as a QR code to ensure the wallet software knows how to restore the wallet properly. However, the user should always be required to write in sensitive data such as the recovery phrase by hand.
Confirming a backup #
This step is a great way to ensure and test that the user in question actually stored their recovery phrase in a way that allows them to access and recount it. This typically entails prompting them to recall the words, which can be done in multiple ways that are laid out below.
Tip: Confirm user understanding
Try to make sure users understand your team cannot access their recovery phrase if they lose it. This drills in the importance of properly and securely storing it, reiterating that access to their funds is always in their own hands.
Next, we cover how to use these backups to recover a wallet.