Passkey Recovery & Backup

If a wallet is encrypted with a passkey and the user loses all their passkeys (e.g., lost phone, no backup), the wallet's private key cannot be decrypted. There is no master key or recovery phrase.

This is by design — self-custody means only the user controls their keys. But it also means backups are critical.

The best defense is registering multiple passkeys across devices:

1. Primary: Phone biometric (Face ID / fingerprint)
2. Backup: Security key (YubiKey, USB/NFC)
3. Optional: Laptop biometric, tablet, etc.

Each passkey is stored independently in passkeys.credentials[]. Any one of them can decrypt the wallet.

The Passkey Manager component lets users add and manage their passkeys.

Scenario 1: Lost one device, have another

• - Sign in on the other device
• - Wallet works normally (any registered passkey can decrypt)
• - Remove the lost device's passkey via Passkey Manager
• - Register a new passkey for the replacement device

Scenario 2: Lost all passkeys, had PIN backup

• - If the wallet was originally created with PIN and the PIN is still stored in metadata, the user can sign with PIN
• - Then migrate to a new passkey

Scenario 3: Lost all passkeys, no PIN

• - The wallet is locked. The private key cannot be decrypted.
• - Funds are not lost (they're on-chain) but the user cannot sign transactions.
• - No recovery mechanism exists in the current SDK.

1. Always register a backup passkey: Prompt users to add a security key after wallet creation
2. Show passkey count: Display how many passkeys are registered. Warn if only 1.
3. Don't delete the last passkey: The Passkey Manager prevents deleting the last PRF-enabled passkey
4. Consider hybrid auth: For high-value wallets, keep both PIN and passkey active
5. Educate users: Make it clear that losing all auth methods means losing wallet access