From a user-experience point of view, the biggest difference between a web3 application and a web2 application (centralized services and applications) is account management. When we create an account with a web2 service, we submit enough private information that the service provider can identify us in many ways, so we don’t worry if we forget our password or even lose our account: the service provider can help us recover both. In web3, we need to take care of our account ourselves. If we lose our account, it is lost forever and we can never get it back, even if there are 10,000 bitcoins stored in it. For a technical geek, managing his own web3 account is not a big deal at all; he can even keep the private key in his head without relying on any medium. But for an ordinary person, whether it is remembering the private key or backing up the mnemonic, it is a huge challenge, and any negligence will cause huge and irreparable losses. Giving ordinary users an account management experience similar to web2 is a prerequisite for web3 applications to be widely used.

Let's imagine what ideal web3 account management should look like. Suppose there is a distributed artificial intelligence on the web3 network that works according to a smart contract deployed by the DAO community, is extremely intelligent, and is responsible for user identity authentication and account management. Because it is distributed, it can independently maintain its own key, which it uses for its own identity authentication and for encrypting and decrypting all of its own data. This key is held only in the highest-security distributed memory, built by the AI itself (for example, the key is sharded with the Shamir's Secret Sharing (SSS) algorithm and held in the memory of many machines), and is never written to any storage device. In other words, it can have its own data, and no third party can decrypt this data. Because it has its own key and works based on smart contracts, it can store private data on behalf of users so that no third party can obtain it. If there were such an AI, user identity authentication would not be so complicated, and users could fully enjoy account management services similar to web2. Unfortunately, no such distributed intelligent service exists at present, and web3 account management is still at a very early stage.

The most advanced wallet account management today comes from MPC wallets and CA (contract account, i.e. smart contract) wallets. However, these two kinds of wallet do not directly solve the problem of private key management. Instead, they turn the management of one private key into the management of multiple private keys by multiple people. The essence has not changed, but using the wallet becomes more complicated. If the wallet were a bank vault, it would be necessary to set up complex rules to manage it, but such rules are not suitable for managing personal accounts.

Another popular way to manage web3 accounts is the semi-custodial method. Social recovery, bound guardian accounts, and semi-custodial services offered by wallet providers, all of which many wallets now use, belong to this category. The semi-custodial method is based on the key sharding algorithm (SSS), where each party holds a shard. To restore the wallet, it is enough to gather as many shards as the threshold requires. This method offers a good user experience, but it carries some security risks. For example, if two parties A and B are each entrusted with a shard, what if they collude and combine their shards privately? What if they lose them through poor management? What if the service goes bankrupt? You may also lose the shard that you keep yourself. These methods depend on other parties and are prone to single points of failure.

In short, MPC and smart contract wallet technologies are not suitable for individuals. Semi-custodial technology still has some problems to solve, but it is expected to be widely promoted. An ordinary user is used to the following: after he creates an account, if he forgets his password or loses his account, he hopes to be able to recover it with some data or effort. There is more than one path for this recovery. Recovering a password or account online works very well, and manual assistance with recovery is good too. In short, there is no single point of failure, and users do not need to pick up a pen to write down mnemonics or save a key shard. In this process, whether the user can recover the account depends on three points:

  1. Proof through other accounts (socially, this is the guardian account)

  2. Proof through fingerprint or facial recognition (physical level)

  3. Proof by answering a private question or password (mental level)

I am who I am because of the unity of these three aspects: social, physical, and conscious. Web2 services hold a person's data on all three aspects and make full use of it to help users recover their accounts. In this process, users do not need to remember a piece of text that follows no rules, nor do they need to save a piece of data whose content they do not know. We believe that this is the key to the problem. If a web3 account can achieve these two points, the probability of being accepted by ordinary users will be very high.

This is what we are working towards. A TinyVerse Space account is user-managed, verified by multiple factors, and recoverable through multiple paths. The purpose is to find an optimal balance between security and ease of use, and to help users enter the web3 network without obstacles. It does not require users to remember anything extra. Users only need the data they are familiar with, the life experiences they remember deeply, or even their personal private data to restore their accounts. It also does not require users to save any extra data. All data is stored on the distributed storage network. During account backup and recovery, no third party obtains personal private data, because all data is encrypted with the user's personal private key. We will not become a single point of failure, because we only provide tools and all data lives on distributed storage networks like IPFS. We will share the technologies involved in this process step by step later.

#The foundation for large-scale web3 adoption

#Ideal web3 account management technology