Use Social Recovery

Learn how to set up social recovery in your game.

One of the main hurdles in enhancing gaming experiences within Web3 environments is ensuring player account security. Unlike traditional gaming accounts, where password recovery is straightforward, Web3 accounts often require meticulous management of a seed phrase to prevent loss of access. This can be a daunting task for players, necessitating either a fail-safe method to secure the seed phrase or reliance on a centralized system to handle key management.

To address this, gaming platforms can implement a "guardian" system. Guardians are trusted entities or mechanisms designated to facilitate the recovery of a player's account. If a player misplaces their access key, they can create a new one and request their guardians to authorize this new key as the account's official access method, effectively regaining control over their account.

This guardian system can be applied in two primary recovery scenarios:

Self-Recovery: Players have the option to configure their account recovery using another authentication factor they control, such as a hardware passkey or an alternative Web3 wallet. This method empowers players with direct control over their account recovery process, enhancing security and convenience.
Game-Assisted Recovery: a player might designate the game developer or platform as their guardian. In the event of losing access to their account, the player would reach out to the game's support team, who would then facilitate the account recovery on their behalf.

For a general overview of social recovery, see the Recoverable Accounts post.

Quickstart with Game-Assisted Recovery#

This guide will go through all the necessary steps to complete a recovery with Openfort as a guardian. The default implementation of the endpoint includes:

Threshold: 1:1
Guardian: Openfort
Time lock: 2 days

1. Set up Openfort - Server side#

Use our official libraries to access the Openfort API from your application:

Install Openfort:

command-line

npm install @openfort/openfort-node --save

Initialize @openfort/openfort-node:

server.ts

const Openfort = require('@openfort/openfort-node').default
const openfort = new Openfort(YOUR_SECRET_KEY)

2. Start Recovery#

Openfort will perform a Start Recovery operation to recover the account from the current owner to the new owner.

The policy parameter is a policy that will be used to sponsor the transaction. You can find more information about policies in our documentation. Bear in mind that this policy needs to have a account_functions policy rule to allow the sponsorship of this operation.

server.ts

const accountId = 'acc_...';
const policy = 'pol_...';
const newOwnerAddress = '0x416c...354D';
const playerTransferOwnership = await openfort.accounts.startRecovery(
  {
    id: accountId,
    policy: policy,
    newOwnerAddress: newOwnerAddress,
  }
)

3. Complete Recovery#

After complying with the period of time lockPeriod, the guardian has a securityPeriod to confirm the proposal. In this case, Openfort will submit the needed signature to complete the recovery of the account.

server.ts

const accountId = 'acc_...';
const policy = 'pol_...';
const newOwnerAddress = '0x416c...354D';
const playerTransferOwnership = await openfort.accounts.completeRecovery(
  {
    id: accountId,
    policy: policy,
    newOwnerAddress: newOwnerAddress,
  }
);

You can find the complete code for this guide on the Openfort samples GitHub page.

FAQs#

Is it possible change the default Guardian from being openfort?#

Yes. When creating an account, you can pass the body parameter defaultGuardian to false.