Does the @unikname owner have his private key of his UNIK token?

This post provides a specific answer to the list of questions posted in General questions about the project by @louneskmt, about the original whitepaper released in Sept 2018.

Andreas Antonopulos is right “Not your keys, not your coins and because the purpose of our solution is to provide IDs rooted in the blockchain rather than coins, I may say “Not your keys, not your IDs :wink:

So rather than providing an “intermediate” solution for newcomers as described in the original whitepaper, we’ve decided to improve this part and to focus on the UX of the App to give full control to end users.

So @unikname owners are the only one to get their keys, they’re the only ones to have full control of their @unikname and their related data. Thank’s to our protocol, @unikname owners are the only one to unlock access to any websites. We don’t, and nobody else can.

my.unik-name App is used to unlock access to any websites. This Unikname App embed all wallet features, and it is the only one location where user’s private keys are stored. To avoid to enter the long and “unusable” passphrase every time you need to authenticate, the wallet is secured with a pin code attached to the device. All users need is their device’s pin-code (or fingerprint).

Today this is one of the most secure way to store passphrase (unless paper :slight_smile: ) and it tends to become a standard.

5 Likes

Hi @laurent, thanks for your quick answer!

Exactly, and your IDs have to be as secure as possible : anyone with access can connect to all your accounts, withdraw funds, etc…

Ok, that’s what I thought. It tends to become a standard solution, as you said, but will there be an alternative to authenticate without the App ? For example, if you don’t have access to it for some times (stolen, no battery, broken, etc), you can’t connect anywhere ?

Another questions:

  • Will there be a backup phrase ? I guess so, just to confirm :grin:
  • If your device is lost or stolen, is there a way to revoke all access and control over your @unik-name ?

Have a nice day!

2 Likes

If you’ve have backup your ID (AKA passphrase) you’ve fallback solutions.

1 Like

Yep, and we’re working on a user friendly backup/restore solution between multiples user’s devices

3 Likes

Again, you need your backup pass phrase. If so the owner of the @unikname can do two things :

  1. The owner can burn his @unikname forever. Not recommended but he’s the only one to decide, he can do it. Burning the @unikname have the immediate effect to reject all authentication requests.

  2. The owner can keep his @unikname and burn one life. So the ID restart on the network with a new life. This have the same effect and reject all authentication requests. In this case the Owner can also regenerate a new backup pass phrase to prevent fraudulent use by a thief.

2 Likes

Ok, perfect :ok_hand:

The @unik-name keeps his associated registry ?

Also (suggestion) : can you think it will be possible to store in the registry the authorized devices “IDs” ? So, the @unik-name’s owner can manage which devices can access to his account. And this part of the registry could be only modified directly with the passphrase, to avoid any alteration from an attacker who stole or hacked the device. Thus, a user could easily remove a device from the registry to revoke access to his @unik-name, if the device is lost/broken/stolen.

Let me know what to you think about that :grin:

3 Likes

Optional, and could be “cherry pick”.

2 Likes

:+1: :heart: we take it

3 Likes