tKey: Multi-Factor Authentication for Private Keys

tKey is now LIVE on all Torus Wallets!
tKey: Multi-Factor Authentication for Private Keys

tKey is now LIVE on all Torus Wallets!

As a company, we have always been focused on providing a great user experience for Web3. Our wallet uses familiar flows for user authentication, without sacrificing private key functionality or cross-chain compatibility. Many developers in the blockchain community come to us to help them to onboard mainstream users, and since our launch in 2019, we have helped over 250 applications to onboard users with simple and seamless key management.

However, some of the convenience that users get come at the expense of adopting weaker security assumptions: like relying on a central party like Google to authenticate and assuming your email account is secure, or that the honest majority assumption for the Torus Network is good enough. These assumptions may be fine for new users, but more seasoned users may find these assumptions concerning. We wanted to address this and allow user wallets to be truly self-custodial, without sacrificing user experience.

tKey is the result of over half a year’s worth of research and design, user testing, and development. During this iteration process, we have taken great user onboarding ideas like Universal Logins and Zengo’s Keyless wallet into consideration and incorporated these innovations into our design.

At its core, tKey is just this: multi-factor authentication.

When a user authenticates through the Torus wallet, they locally generate a private key and split it into three shares. One share is stored on the user’s device, one share is kept on a decentralized file storage layer encrypted using user input, and one share is kept on the Torus Network and is secured through user logins. Access to two of these shares is necessary to retrieve the user’s private key.

Of course, multi-factor authentication is already achievable using smart contract wallets today, such as through Argent’s Guardians framework. However, tKey does this at a lower level — it functions just like a normal cryptographic key, which means that operations are off-chain and do not cost gas, and it is compatible across different blockchains.

Since the user’s device holds one of the shares, using the wallet only requires logging in to the Torus Network via OAuth. If a user is on a new device, a device sync is initiated, and they can use their existing logged-in devices to complete the sync. Moreover, this ensures that neither a malicious hacker who gets access to a user’s email account nor a network of malicious nodes is able to reconstruct the user’s private key since they only can access a single share on the Torus Network.

We also provide a simple upgrade path to using tKey. If you’re an existing user, you can create a new tKey account from your settings page in the Torus Wallet. If you’re a developer, you literally don’t have to do a thing — It Just Works. Maybe you won’t even notice that your users are on these newer, shinier, and more secure tKey accounts!

If you haven’t tried out the Torus Wallet before, and are looking for the best way to onboard users without compromises, we urge you to try it out for yourself on

Stay In Touch

Our team will continually be adding features to the Torus Wallet to support a major update coming to our platform. Stay tuned on any of our socials to be the first to hear about our latest developments.

Twitter, Telegram