The daily spending wallet described in this reference design aims to make backup as easy as possible for the user. As a result, the default flow is one where the user opts in to a cloud backup.
However, some users may not be comfortable with the idea of their recovery phrase on a cloud server. So in accordance with the design principles of self-custody and transparency, this wallet also offers a manual backup option.
Lightning channel state changes frequently, particularly if the user truly uses the daily spending wallet every day, as the name implies. As a result, channel state cannot be treated as a one-time backup; it must be backed up every time the state is updated.
For this reason, this wallet requires channel state to be backed up automatically to a cloud provider on each payment. Allowing it to be backed up manually would create a false sense of security and would likely result in user error.
This requirement is designed to protect the user. In the event that a third party manages to obtain the channel state from the cloud storage, they can do little with it because it is encrypted using the user’s recovery phrase.
So when we talk about “manual backup” in regard to this wallet, we are strictly talking about manual backup of the recovery phrase.
This user flow usually requires users to manually back up their 12 to 24 word recovery phrase by writing it down on a piece of paper and storing it in a safe (but memorable) location. In the case that a user’s device breaks or is stolen, the user can recover their funds and wallet by correctly entering their recovery phrase. The private key management section dives further into the technical details of this scheme.
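A worked illustration of the backup property described above, added here and not code from the reference design or any wallet: the BIP39 seed derived from the recovery phrase (checked against the standard BIP39 test vector in the test) keys an encrypt-then-MAC envelope for the channel state, so a blob taken from cloud storage is unreadable and unforgeable without the phrase, and the same phrase on a new device opens it. The backup key label and the HMAC-counter cipher are assumptions made for a stdlib-only demo; a production wallet would use a standard AEAD.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional, Tuple

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, salt 'mnemonic' + passphrase, 2048 rounds, 64-byte seed."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64)

def backup_keys(seed: bytes) -> Tuple[bytes, bytes]:
    """Assumption: backup keys are a purpose-bound derivation from the seed; the page does
    not specify the wallet's actual derivation, so the label here is illustrative."""
    k = hmac.new(seed, b"channel-state-backup/v1", hashlib.sha512).digest()
    return k[:32], k[32:]  # (encryption key, MAC key), used for nothing else

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real AEAD such as
    # ChaCha20-Poly1305, which a production wallet should use instead.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal_backup(seed: bytes, channel_state: bytes) -> bytes:
    """Encrypt-then-MAC the channel state before it leaves the device for the cloud."""
    enc_key, mac_key = backup_keys(seed)
    nonce = os.urandom(16)  # fresh per backup: the state changes after every payment
    ct = bytes(a ^ b for a, b in zip(channel_state, _keystream(enc_key, nonce, len(channel_state))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_backup(seed: bytes, blob: bytes) -> Optional[bytes]:
    """Restore on a new device: verify the tag first, return None on any mismatch."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = backup_keys(seed)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    # Constructed sample: the standard BIP39 test-vector phrase and a toy channel-state blob.
    phrase = "abandon " * 11 + "about"
    state = b'{"channel_id": "EXAMPLE", "commitment": 42}'
    blob = seal_backup(bip39_seed(phrase), state)
    print("restored:", open_backup(bip39_seed(phrase), blob) == state)  # True
    print("wrong phrase:", open_backup(bip39_seed("abandon " * 11 + "zoo"), blob))  # None
```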
When introducing the concept of a recovery phrase, be succinct and clear in explaining what it is, how to store it, and how to use it. Examples of some microcopy that you might include before unveiling a user’s recovery phrase can be found below:
“You will be shown your recovery phrase on the next screen.”
Prepares a user for what they are about to see.
“Your recovery phrase is a group of 12 random words.”
Explains to users what a recovery phrase is.
“Your recovery phrase is the only way to access your wallet if your phone is lost or stolen.”
Explains to users what the purpose of a recovery phrase is and why it’s important.
“If you lose your recovery phrase, you will no longer be able to access your wallet. Never share your recovery phrase with anyone. Anyone who has it can access your funds.”
Explains to users what the consequences of their behavior are, and how it can affect the safety of their funds.
“We recommend writing these words down in order on a piece of paper and storing it somewhere safe that you will remember.”
Guides and gives users actionable items on how to safely handle their recovery phrase.
Drilling in the larger consequences of what it means to interact with a self-custodial product is important during these first interactions with a wallet. Education within these beginning stages will empower users to make smart decisions, further informing how they understand and handle the safety of their funds.
The goal of the following flow is to encourage users to write down their recovery phrase on a physical piece of paper. This app disables screenshots on any screens that display a recovery phrase and, to be safe, also warns the user against screenshotting or photographing their recovery phrase.
Tip: Be Clear about Numbering
Note that this wallet explicitly instructs users to number each word (e.g. 1. sand 2. purple 3. flower). This is important because they will be asked to confirm their recovery phrase in a later step. It’s a bit of a pain for users to count which word corresponds to a particular number if they are not numbered initially.
Wallet prompts the user to set up a backup, and the user selects the manual backup toggle.
Explain what the manual backup is before proceeding, and give the user the option to back out.
Allow the user to select their cloud provider for channel state backup.
This UI will be very different depending on the cloud provider and what permissions are required.
Explain what a recovery phrase is.
Explain what is about to happen and what the user should do.
The print template, pre-populated with non-sensitive information
This wallet also offers the user a printable template they can use to write down their recovery phrase. This can help instill a sense of trust, guidance, and organization (especially if they have multiple wallets). It may also encourage them to treat this designated paper with importance rather than quickly scribbling it down on a random scrap. Here is an example template.
Some non-sensitive data (such as the name of your wallet or the derivation path) could be included pre-filled in the template. An output script descriptor could be included as a QR code to ensure the wallet software knows how to restore the wallet properly. However, the user should always be required to write in sensitive data such as the recovery phrase by hand.
Give the user an option to download a print template.
Explain how to use the print template and give the option to print it or download it.
User continues down the OS-specific flow for printing or downloading a file.
This step is a good way to test that the user actually stored their recovery phrase in a way that lets them access and recount it later. It typically entails prompting them to recall the words, which can be done in several ways, laid out below.
Tip: Confirm user understanding
Make sure users understand that your team has no access to their recovery phrase and cannot recover it for them if it is lost. This drills in the importance of storing it properly and securely, reiterating that access to their funds is always in their own hands.
Explain to the user that they need to verify they wrote down their recovery phrase properly.
Prompt the user to tap the words of their recovery phrase in the correct order.
Let the user know when they get the order incorrect.
The user finishes tapping in their recovery phrase in the correct order.
Remind the user to store their recovery phrase safely.