picture of a safe with a time lock

Two Factor Authentication Recovery

Hi,

We’d like to update you on our progress with enabling two factor resets for users who have lost access to their second factor authentication. For those affected, we are happy to announce that we will be enabling access to your coins following the procedure outlined below. We would like to thank everyone for their patience while we worked through providing a solution to this issue. Please take care to read this information carefully to ensure you understand how the procedure will work.

Terms Of Service

We will be refreshing our Terms Of Service at https://greenaddress.it/tos to clarify the details of the reset procedure. We’ll announce this update separately here and via the usual channels.

Eligible Users

The reset procedure applies to users that have their mnemonic available but do not have access to any two factor authentication method. If you have lost your mnemonic then GreenAddress does not have the technical means to recover your wallet, therefore the recovery procedure cannot be used to help you.

If your mnemonic has been made public, or someone else has access to it and disputes the recovery process, then the reset procedure cannot be carried out and you will need to contact support.

Reset Procedure

The short summary is that we will be allowing users to access their coins by requesting a two factor reset from within the wallet, which will enable access after a grace period.

Please note: at no point will we require the user’s mnemonic, and you should not give them to anyone who asks, including support.


We will release new wallet versions with support for the reset procedure in the coming months. Once you are logged in to the wallet, you can request a two factor reset from the settings menu. You must provide an email address for use as recovery two factor authentication and upon which we can contact you in case of any issue throughout the grace period.  Note that this applies even if you already have an email setup in the wallet. The email address can be an anonymous email account if you wish, but you must ensure it is one that is secure and readable only by you. If you lose access to the email you use for recovery, you risk having to restart the 2FA reset process from scratch. Note: do not use a disposable email address, or one that is readable by anyone such as those provided by mailinator.com or others maybe able to interfere with your reset process.

After requesting a reset, your wallet will become read-only, and whenever you login a warning will be displayed, showing you that the reset process is underway.

You must then wait for the grace period to expire. The period starts from the later date of a) when the reset was requested or b) the send or receive date of the last transaction in your wallet. The exact duration of the grace period will be announced with the release of our wallet upgrade, but it will be at least 12 months (one year) long.

The wallet will also allow you to dispute a reset during the grace period using the settings menu. In the event of a dispute, the reset process will be blocked and you should contact support for more information.

Once the grace period expires without dispute, the recovery email you provided will become your wallet’s email two factor authentication method. At this point you can access your coins as you normally would. We recommend then enabling additional 2FA methods and securely backing them up. You can then optionally remove the email 2FA method.

Example recovery scenarios:

Mnemonic Last received (or spent with change) Nlocktime setting Recovery
User Bob Yes 100 days ago Default 12960 (~90 days worth of blocks) Grace Period Only (As there is no nlocktime left)
User Matt Yes Today 1440 (~10 days) Grace Period + 10 days (nlocktime left)
User Frank Yes 365 days ago 144000 ( ~ 1000 days) Grace Period + (1000 – 365) days (nlocktime left)
User Jeff No N/A N/A Not possible as we don’t ever have a copy of the mnemonic.

Recovery In The Future

In the near future we will be taking advantage of a Bitcoin feature known as Check Sequence Verify/CSV.

This will allow us to:

– Make recovery processing completely trustless and atomic
– Remove the need for nlocktime files
– Remove the need for an email address for nlocktime notifications
– Have all newly generated addresses in wallets to automatically have the ability to be recovered

Once CSV support is complete and thoroughly tested by our team, we will be enabling it by default for everyone. We will provide more information as the deployment time approaches. We are very excited about the improvements to our user experience that CSV will bring!


Conclusion

Thanks for taking the time to read this announcement. We would like to remind users with only a single two factor method currently enabled to enable a second method as a backup. We are busy working on other new features and enhancements to the platform too, and will post about them in the near future.

As always, if you have questions or comments you can reach us at info@greenaddress.it.

Thanks,

Lawrence and the GreenAddress Team