Skip to content

Inactivity-Triggered Safe Access Methods: LockoutGuard and LegacyLink

Overview

LockoutGuard and LegacyLink are UnoLock's inactivity-triggered continuity features. They exist to handle the exception cases where a user loses access or where a Safe must pass to a successor after prolonged inactivity. In both cases, the temporary path is removed after use and the Safe is returned to the normal WebAuthn access-key model.

How It Works

  • LockoutGuard Recovery:
  • Inactivity Detection: Monitors user activity and triggers recovery options after a user-defined inactivity period.
  • Recovery Material: Users set up recovery material that is stored outside the normal day-to-day Safe access flow.
  • One-Time Recovery Flow: Provides a temporary alternative recovery method for access restoration, processed client-side.
  • Return to Primary Access Model: After recovery succeeds, the user must register again with WebAuthn, and the temporary recovery path is removed.
  • LegacyLink Inheritance:
  • Configured Through LockoutGuard: Users set LegacyLink from the LockoutGuard area and choose a delay after LockoutGuard has been triggered.
  • Dormant Credential: Setup creates a dormant LegacyLink credential with an access ID and passphrase that can be stored or given to a trusted person.
  • One-Time Succession Access: When the configured conditions are met, the LegacyLink credential can be used to begin recovery of the Safe.
  • Return to Primary Access Model: After LegacyLink is used, the recovering person must register a new access key, replacing the temporary succession path.
  • Zero-Knowledge Privacy: Both features process sensitive operations client-side, with no decryption keys or data stored on UnoLock’s servers, maintaining user privacy.

Security Implications

  • Preventing Permanent Lockouts: LockoutGuard ensures users can recover access without server intervention, reducing data loss risks while preserving zero-knowledge security.
  • Secure Succession Path: LegacyLink provides a bounded succession route without turning succession into a permanent second login method.
  • Temporary Recovery Paths: Both mechanisms are bounded alternatives, not permanent secondary login methods.
  • WebAuthn Restoration: After either method is used, UnoLock restores the Safe to the primary WebAuthn access-key model.
  • Robust Privacy: Client-side encryption and authentication ensure that inactivity-triggered actions remain private, with no server-side visibility, aligning with UnoLock’s zero-knowledge model.

Use Cases

  • Personal Asset Protection: Individuals can use LockoutGuard to recover access to cryptocurrency keys or documents if they lose access, and LegacyLink to prepare a trusted person for succession after prolonged inactivity.
  • Corporate Continuity: Businesses can prepare a successor to recover access to critical records after executive inactivity.
  • High-Risk Scenarios: Users in unstable regions can combine inactivity-based continuity planning with their normal access-key model rather than relying on a standing backup login.

Why It Matters

Inactivity can lead to permanent data loss or blocked inheritance. LockoutGuard and LegacyLink address those failure cases without weakening UnoLock into a standing alternative-login system. They preserve continuity while keeping WebAuthn access keys as the primary model.

FAQs

How does LockoutGuard detect inactivity and initiate recovery?

LockoutGuard monitors login activity and triggers its recovery flow after a user-defined inactivity period. Once that recovery flow is used, the user must register again with WebAuthn and the temporary recovery method is removed.

Can someone use LegacyLink immediately after it is created?

No. The LegacyLink credential is dormant and intended to become usable only when the configured conditions have been met.

What happens after LockoutGuard or LegacyLink is used?

After either method is used, UnoLock requires WebAuthn registration again. The temporary recovery or inheritance path is then removed, making these effectively one-time alternative access methods.

Does UnoLock have access to my recovery or succession keys?

No, recovery and succession material remain within UnoLock's zero-knowledge architecture rather than becoming a normal server-side login path.

Compliance & Privacy Regulations

  • GDPR & HIPAA Compliance: LockoutGuard and LegacyLink support compliance with GDPR, HIPAA, and other regulations by ensuring that recovery and inheritance processes are secure, private, and do not expose sensitive data on servers.

Integration with Other Features

  • Robust Key Management with Multi-Key Registration and WebAuthn: Enhances recovery and succession with secure, multi-key authentication, ensuring robust access control.
  • Client-Side Encryption Using AES-256 GCM: Ensures that recovery and LegacyLink material remain protected within UnoLock's privacy model.