FAQs:
Are all users required to save the passphrase during enrollment? Can they retrieve it later?
Only the first Designated Onchain Signer receives the recovery passphrase during the Onchain Wallet enrollment process. It is critical to save and securely store this passphrase at that time. It cannot be retrieved later.
To ensure continued access, your organization should store it in a secure, shared location—such as a corporate password manager. This prevents loss of access in cases where the individual leaves the organization or loses access to their system, allowing recovery in the most extreme scenarios.
If all key shards and the recovery passphrase are lost, access to the Onchain Wallet—and any associated funds—will be permanently unrecoverable.
Is the recovery passphrase my private key?
The 12 word passphrase is not to be confused with the traditional passphrase used to represent the wallet private key. This 12 word passphrase is not the wallet private key and does not contain any information about the wallet private key. It is an encoded encryption key for you to recover your key share. The passphrase can only be used by an Onchain Signer on that specific portfolio to recover the wallet through the Prime application.
How should I save my recovery passphrase?
We recommend prioritizing availability when storing your passphrase by using a corporate password manager, cloud storage, or an offline backup. Since the recovery passphrase is not a private key and cannot be used alone to access your wallet, storage is straightforward.
An Onchain Signer from the same portfolio is required to use the passphrase, which can only be used to reprovision a key shard on your mobile device through the Coinbase Prime application.
It is critical to ensure you do not lose access to your recovery passphrase.
Can the passphrase be changed by Coinbase?
As an existing Onchain Signer, you can rotate the recovery phrase when necessary. This process will generate a new encrypted backup, requiring you to cryptographically create a replacement backup with a valid key shard. Please note that the recovery phrase cannot be changed by Coinbase, as we only store the encrypted backup and do not have access to your key material.
Is it possible to import a private key from an external wallet to Onchain Wallet?
No, that is not possible. We only offer the ability to export.
Is the passphrase the same for everyone?
The recovery phrase is unique per portfolio and the same for all users in the portfolio.
Does an account need to have multiple Onchain Signers?
In addition to securely storing your recovery passphrase, we strongly recommend having multiple Onchain Signers for each portfolio.
Losing access to a device is one of the most significant risks when using the Prime Onchain Wallet. This can occur due to a lost or broken mobile device or accidental app deletion. To mitigate this risk, it is crucial to ensure redundancy by designating multiple Onchain Signers per portfolio.
Having multiple signers enhances both operational flexibility and security:
Transaction Signing: More than one signer enables seamless transaction approvals once consensus is reached.
Redundancy: If an Onchain Signer’s device becomes inoperative, another signer can reprovision access, preventing disruptions.
Additionally, if the recovery passphrase is lost or compromised, it can be regenerated—provided that signers still have access to their key shards on their mobile device. This process invalidates the previous passphrase, ensuring continued security.
By implementing these safeguards, you can ensure uninterrupted access to your Onchain Wallet while maintaining the highest level of security.
For more information on how to restore access to your Onchain Wallet, please visit this Help Center article.