Social Recovery
Learn about Mixin Messenger's unique social recovery mechanism, which protects your assets through trusted friends.
What is Social Recovery
Social recovery is Mixin's innovative account recovery solution that allows you to regain account access even if you lose your mnemonic phrase.
Core Concept
Basic Principle:
- Split recovery key into multiple fragments
- Distribute to trusted friends (recovery contacts)
- Need majority agreement to recover
- Distributed security protection mechanism
Comparison with Traditional Methods:
| Recovery Method | Advantages | Disadvantages |
|---|---|---|
| Mnemonic Phrase | Complete control, instant recovery | Cannot recover if lost |
| Social Recovery | Can recover even if mnemonic lost | Requires others' assistance |
| Custodial Service | Convenient and fast | Centralization risk |
Technical Features
Shamir's Secret Sharing:
- Cryptographic algorithm ensures security
- Threshold signature mechanism
- Single fragment cannot recover
- Requires K/N fragments (e.g., 3/5)
Security Guarantee:
- Decentralized storage
- Encrypted fragment protection
- Prevent single point attacks
- Time delay protection
Set Up Social Recovery
Preliminary Preparation
Consider Before Choosing Recovery Contacts:
Trust Level
- Long-term acquainted friends
- Reliable family members
- Trustworthy colleagues
- Unlikely to collude
Activity Level
- Frequently use Mixin
- Easy to contact
- Respond promptly
- Stay online
Distribution
- Different geographic locations
- Different social circles
- Reduce concentration risk
- Improve availability
Stability
- Maintain long-term contact
- Won't suddenly lose touch
- Responsible people
- Understand importance
Setup Steps
Complete Process:
Enter Settings Interface
- Open Mixin Messenger
- Go to "Settings" → "Security"
- Select "Social Recovery"
- Click "Set Recovery Contacts"
Select Contacts
- Minimum 3 people
- Recommended 5-7 people
- Maximum 10 people
- Choose from Mixin friends
Set Threshold
- Example: 3/5 (need 3 of 5 to agree)
- Recommended: N/2+1 (majority)
- Customizable
- Balance security and availability
Send Invitations
- System sends invitations to selected people
- Explain their role
- Include simple instructions
- Wait for acceptance
Wait for Confirmation
- Contacts receive notification
- They need to accept
- Takes effect after all accept
- Can check status anytime
Distribute Key Shards
- Auto distribute after acceptance
- Encrypted storage on their devices
- They don't need any action
- Secure and transparent
Invitation Notification
Content Contacts Receive:
[Your Name] invites you to be a recovery contact
As a recovery contact, you will help [Your Name]
recover their account if they lose their mnemonic phrase.
You need to:
✓ Safely store key shard
✓ Confirm identity during recovery requests
✓ Respond promptly to recovery requests
You don't need to:
✗ Remember any information
✗ Proactively do anything
✗ Take any risks
[Accept] [Decline]
Manage Recovery Contacts
View Status:
- Settings → Security → Social Recovery
- View recovery contact list
- Show acceptance status
- View setup time
Add Contacts:
- Can add new ones anytime
- Increase redundancy
- Improve availability
- Need to redistribute keys
Remove Contacts:
- Can remove any contact
- Takes effect immediately
- Auto redistribute shards
- Others need no action
Replace Contacts:
- Remove old contact
- Add new contact
- Wait for new contact acceptance
- System auto adjusts
Using Social Recovery
When to Use
Applicable Scenarios:
- Lost mnemonic phrase
- Forgot PIN code and no mnemonic
- Mnemonic damaged and unreadable
- Emergency need to recover access
Not Applicable:
- Only forgot PIN code (using the mnemonic is faster)
- Changing devices (use mnemonic)
- Regular backup testing
- Mnemonic intact
Recovery Process
Detailed Steps:
Initiate Recovery Request
- Open Mixin Messenger
- Select "Social Recovery"
- Enter your Mixin ID
- Or enter bound phone/email
- Confirm initiation
System Verification
- Verify account exists
- Check if social recovery set up
- Confirm recovery contact list
- Send recovery request notification
Notify Recovery Contacts
- All recovery contacts receive notification
- Show recovery request details
- State how many confirmations are needed
- Start waiting period
Contact Recovery Contacts
- Important: Contact them through other means
- Call, text, meet in person
- Inform of your recovery request
- Request their authorization
- Prove you are the real person
Recovery Contacts Confirm
- They open Mixin
- View recovery request
- Confirm you are the real person
- Click "Agree to Recover"
- Enter their PIN to confirm
Collect Authorizations
- System collects confirmations
- Show progress (e.g., 2/3)
- Can recover after reaching threshold
- Usually takes hours to days
Wait for Security Period
- After collecting enough authorizations
- Enter 24-hour security period
- Original account holder can refuse
- Prevent malicious recovery
Recover Account
- Security period ends
- System rebuilds access rights
- Set new PIN code
- Generate new mnemonic phrase
- Account recovery complete
Timeline
Typical Recovery Duration:
Hour 0: Initiate recovery request
↓
Hours 1-6: Contact recovery contacts
↓
Hours 6-24: Collect authorization confirmations
↓
Hours 24-48: Security waiting period
↓
Hour 48: Recovery complete
Influencing Factors:
- Recovery contacts' response speed
- Time zone differences
- Contact activity level
- Security waiting period
As Recovery Contact
Role Description
Your Role:
Key Custody
- Auto store key shard
- Encrypted storage on device
- No manual action needed
- Cannot view or export
Identity Verification
- When recovery request received
- Confirm through other means
- Ensure it's the real person requesting
- Prevent fraud
Prompt Response
- Process requests ASAP
- They may be urgent
- Delays affect recovery
- Keep Mixin active
Receiving Recovery Request
Notification Content:
Recovery Request Notification
[Friend's Name] requests account recovery
Request Time: 2025-10-05 14:30
Confirmed: 1/3
Need Confirmation: 3
⚠️ Important Reminder:
Please confirm this is a real request from them
via phone, text, or in-person meeting!
[Agree to Recover] [Decline] [Handle Later]
How to Confirm
Verification Steps:
Receive Notification
- View recovery request details
- Note request time
- Check request source
Contact Them
- Call to confirm
- Text to inquire
- Video call
- Meet in person
Confirmation Questions
- "Are you recovering your account?"
- "Did you lose your mnemonic phrase?"
- Ask questions only they know
- Ensure it is not fraud
Make Decision
- Confirmed real person → Agree
- Have doubts → Decline or handle later
- Cannot contact → Handle later
- Clear fraud → Decline and inform
Authorization Operation
- Click "Agree to Recover"
- Enter your PIN code
- Confirm authorization
- Wait for others' responses
Decline Request
When to Decline:
- Cannot contact them
- They deny initiating recovery
- Suspect fraudulent behavior
- They no longer need it
Decline Effect:
- That contact's authorization is invalid
- Doesn't affect others
- They can request again
- Record decline operation
Considerations
Security Reminders:
✅ Should Do:
- Must confirm through other means
- Ask questions only they know
- Decline if doubtful
- Keep Mixin updated
- Inform others of changes
❌ Should Not Do:
- Don't only confirm in Mixin
- Don't easily agree
- Don't authorize when uncertain
- Don't leak key information
- Don't uninstall Mixin
Advanced Features
Emergency Contacts
Set Emergency Contacts:
- Select 1-2 special contacts
- They can recover independently (1/1)
- Suitable for spouse, parents
- Requires high trust
Use Cases:
- You have an emergency
- Family needs asset access
- Quick recovery channel
- Balance risk and convenience
Multiple Recovery Schemes
Layered Setup:
Scheme A: Daily Recovery (3/5)
├─ Friend 1
├─ Friend 2
├─ Friend 3
├─ Friend 4
└─ Friend 5
Scheme B: Emergency Recovery (1/2)
├─ Spouse (Emergency Contact)
└─ Parents (Emergency Contact)
Scheme C: Ultimate Backup
└─ Lawyer/Will (Legal Means)
Recovery Testing
Regular Testing Recommended:
Simulate Recovery
- Don't actually recover
- Contact recovery contacts
- Confirm they're willing to help
- Verify contact methods valid
Check List
- Check quarterly
- Confirm contacts still active
- Update those out of touch
- Add new backups
Communication Confirmation
- Inform of their role
- Explain how to verify
- Provide contact methods
- Express gratitude
Security Mechanisms
Anti-Attack Measures
Multiple Protections:
Time Delay
- Wait 24 hours after collecting authorizations
- Original account holder can refuse
- Prevent fast attacks
- Leave reaction time
Notification Mechanism
- Immediate notification of recovery request
- Notify each authorization
- Remind of critical operations
- Multi-channel notification
Refuse Permission
- Original holder can refuse anytime
- A single refusal invalidates the request
- Recovery must then be restarted
- Protect real users
Audit Logs
- Record all recovery operations
- Show authorization times
- Track operation sources
- Transparent and queryable
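The sketch below models how the threshold, the 24-hour delay and the owner's refusal interact. It is an added example, not Mixin's code: the class, method names and contact labels are hypothetical, and resetting the clock when a decline drops approvals below the threshold is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

SECURITY_PERIOD_H = 24  # waiting period stated on this page

@dataclass
class RecoveryRequest:  # hypothetical model, not Mixin's data structure
    contacts: frozenset
    threshold: int
    approvals: set = field(default_factory=set)
    threshold_met_at: Optional[int] = None  # hour the K-th approval arrived
    refused: bool = False
    audit: list = field(default_factory=list)

    def approve(self, contact, now_h):
        if self.refused:
            raise RuntimeError("request invalidated; recovery must be restarted")
        if contact not in self.contacts:
            raise PermissionError(f"{contact} is not a recovery contact")
        self.approvals.add(contact)
        self.audit.append((now_h, "approve", contact))
        if self.threshold_met_at is None and len(self.approvals) >= self.threshold:
            self.threshold_met_at = now_h  # security period starts here

    def decline(self, contact, now_h):
        self.approvals.discard(contact)  # only this contact's authorization
        self.audit.append((now_h, "decline", contact))
        if len(self.approvals) < self.threshold:
            self.threshold_met_at = None  # assumption: the delay starts over

    def owner_refuse(self, now_h):
        self.refused = True  # a single refusal invalidates the request
        self.audit.append((now_h, "owner_refuse", "owner"))

    def can_complete(self, now_h):
        return (not self.refused and self.threshold_met_at is not None
                and now_h - self.threshold_met_at >= SECURITY_PERIOD_H)

def hijack_scenario(owner_reacts_at=None):
    """3 of 5 contacts approve by hour 3 (constructed timeline).
    Returns the hour recovery completes, or None if it never does."""
    req = RecoveryRequest(frozenset("ABCDE"), threshold=3)
    for hour, contact in ((1, "A"), (2, "B"), (3, "C")):
        req.approve(contact, hour)
    for hour in range(4, 49):
        if owner_reacts_at == hour:
            req.owner_refuse(hour)
        if req.can_complete(hour):
            return hour
    return None
```

The delay only protects an owner who sees the notification and refuses inside the window. A refusal after the period has elapsed comes too late in this model.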
Threshold Selection
Balance Security & Availability:
| Setting | Security | Availability | Use Case |
|---|---|---|---|
| 2/3 | Medium | High | Regular users |
| 3/5 | High | Medium | Recommended |
| 4/7 | Very High | Medium | Large amounts |
| 5/9 | Highest | Low | Extremely cautious |
Selection Suggestions:
- More contacts are more secure
- Keep the threshold above a majority
- Consider contact availability
- Start with at least 3/5
Common Attack Scenarios
Scenario 1: Multiple Collusion
- Attack: Multiple recovery contacts collude
- Defense: Choose dispersed, unacquainted people
- Suggestion: Different social circles
Scenario 2: Social Engineering
- Attack: Deceive recovery contacts to agree
- Defense: Require multi-way verification
- Suggestion: Establish verification protocol
Scenario 3: Device Hijacking
- Attack: Control recovery contacts' devices
- Defense: 24-hour waiting period
- Suggestion: Multiple contacts dispersed
Scenario 4: Insider Attack
- Attack: Single contact malicious
- Defense: Need majority agreement
- Suggestion: Set threshold high
Best Practices
Choose Contacts
Recommended Combinations:
5 Person Scheme (3/5):
- Close Friend 1 (Same city)
- Close Friend 2 (Different city)
- Family (Parents/Spouse)
- Colleague/Partner
- Other trusted person
7 Person Scheme (4/7):
- The 5 people above
- Another family member
- Long-term online friend/community member
Dispersion Principle:
- Different cities/countries
- Different social circles
- Different age groups
- Independent judgment ability
Inform & Communicate
First Setup:
Advance Notice
- Ask if willing
- Explain role and duties
- Explain importance
- Get consent
Provide Information
- How to verify identity
- Your other contact methods
- Information only you know
- Emergency contact channels
Establish Protocol
- Verification question list
- Confirmation process
- Contact method backup
- Regular confirmation
Regular Maintenance:
- Quarterly confirmation
- Update contact methods promptly when changed
- Thank them for their support
- Maintain good relationships
Emergency Plan
Backup of Backup:
- Primary Method: Mnemonic phrase
- Backup Method: Social recovery (3/5)
- Emergency Method: Emergency contacts (1/2)
- Ultimate Backup: Legal means (will/lawyer)
Document Record:
- Recovery contact list
- Contact methods
- Threshold settings
- Setup time
- Store this info securely
Common Questions
How long does recovery take?
Depends on:
- Recovery contacts response speed: Hours to days
- Security waiting period: 24 hours
- Total: Usually 2-3 days
- Fastest: 24 hours
- Longest: May take 1 week
Can contacts see my info?
No:
- Only store encrypted key shard
- They cannot view
- Cannot export
- Auto managed
How many contacts can I set?
- Minimum: 3 people
- Recommended: 5-7 people
- Maximum: 10 people
- Threshold customizable
Can contacts decline?
Yes:
- Can decline when invited
- Can decline during recovery
- Can exit anytime
- No reason needed
Will assets change after recovery?
No:
- Assets stored on blockchain
- Recovery just gains access
- Quantity exactly same
- No losses
Can I change recovery contacts?
Yes:
- Add new ones anytime
- Remove old ones anytime
- Auto redistribute
- Seamless switch
What if everyone agrees?
- Still wait 24 hours
- Security protection period
- Prevent fast attacks
- Cannot skip
Can old mnemonic work after recovery?
No:
- Generate new mnemonic after recovery
- Old mnemonic invalid
- Need to back up again
- Update all backups
Technical Details
Shamir's Secret Sharing
Algorithm Principle:
Original key (the secret)
↓
Split into N fragments (e.g., 5)
↓
Any K fragments can rebuild (e.g., 3)
↓
Less than K fragments cannot recover
↓
Mathematically guaranteed security
Features:
- Threshold signature scheme
- Polynomial interpolation
- Information-theoretic security
- Perfect secret sharing
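A minimal K-of-N Shamir split and rebuild by polynomial interpolation over a prime field, added here as an example and not taken from Mixin's implementation. The field modulus, the demo secret and all function names are assumptions. The last function shows why K-1 fragments reveal nothing: they are consistent with every possible secret.

```python
import secrets

PRIME = 2**127 - 1  # Mersenne prime used as field modulus (assumed for this demo)
DEMO_SECRET = 0x1F2E3D4C5B6A79880123456789ABCDEF  # constructed value, < PRIME

def split_secret(secret, k, n):
    """Return n shares (x, f(x)); any k of them rebuild `secret`."""
    if not 1 < k <= n < PRIME:
        raise ValueError("need 1 < k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    # Random polynomial of degree k-1 with the secret as its constant term.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):  # never hand out x = 0: f(0) is the secret
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def interpolate(points, x0=0):
    """Lagrange-interpolate the polynomial through `points`, evaluated at x0."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (x0 - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def share_consistent_with(partial, candidate, x):
    """Given k-1 shares, compute the k-th share that would make ANY
    candidate secret fit, so k-1 shares cannot narrow the secret down."""
    return (x, interpolate([(0, candidate)] + list(partial), x))

if __name__ == "__main__":
    shares = split_secret(DEMO_SECRET, 3, 5)
    print(interpolate(shares[:3]) == DEMO_SECRET)  # any 3 of 5 rebuild
    two = shares[:2]
    print(interpolate(two + [share_consistent_with(two, 42, 3)]))
```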
Encryption Protection
Shard Encryption:
Key Shard
↓
Encrypt using contact's public key
↓
Only contact can decrypt
↓
Store on contact's device
↓
Auto manage lifecycle
Recovery Process
Technical Flow:
1. User initiates recovery
↓
2. Verify identity info
↓
3. Notify recovery contacts
↓
4. Contacts confirm (PIN signature)
↓
5. Collect K signatures
↓
6. Rebuild recovery key
↓
7. Security waiting period (24h)
↓
8. Generate new key pair
↓
9. Migrate account control
↓
10. Recovery complete
Compare Other Solutions
| Feature | Mixin Social Recovery | Mnemonic | Centralized Custody | Multi-Signature |
|---|---|---|---|---|
| Recoverable if Lost | ✅ | ❌ | ✅ | Partial |
| Decentralized | ✅ | ✅ | ❌ | ✅ |
| User Friendly | ✅ | 🔸 | ✅ | ❌ |
| Security | High | Highest | Medium | High |
| Depend on Others | ✅ | ❌ | ✅ | ✅ |
| Instant Recovery | ❌ | ✅ | ✅ | 🔸 |
Related Resources
- Wallet Recovery - Learn mnemonic recovery
- Two-Factor Authentication - Account security settings
- Create Account - Account creation guide
- Privacy Protection - Comprehensive security guide
- MPC Wallet - Understand MPC technology