Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Trustless Recovery – 1auth
Skip to content

Trustless Recovery

1auth accounts are self-custodial smart contracts deployed on-chain. If the 1auth service goes offline — whether temporarily or permanently — users never lose access to their funds or their account. This page explains the safeguards that make this possible.

Your Account Lives On-Chain

When a user creates a 1auth account, a smart contract is deployed to the blockchain. This contract holds the user's assets and enforces who can authorize transactions. The 1auth service helps manage this account, but it does not control it — only the user's passkey (or their recovery guardians) can authorize changes.

If 1auth becomes unavailable:

  • Funds remain safe — Assets are in the on-chain smart contract, not in any 1auth database
  • Account state is unchanged — The account's signers, guardians, and configuration are all stored on-chain
  • No one can lock you out — 1auth has no admin key or backdoor into user accounts

Independent Recovery Signers

To ensure recovery works without the 1auth backend, the guardian system uses independent recovery signers — services that run separately from 1auth and can authorize recovery on their own.

When a user sets up recovery with their Google account, the linked guardian is an independent signing service. This service:

  • Runs on its own infrastructure, separate from 1auth
  • Reads the user's guardian configuration directly from the blockchain
  • Verifies the user's identity through Google sign-in
  • Authorizes recovery without contacting the 1auth backend at any point

Because the signer reads all verification data from the blockchain and the identity provider directly, it has no dependency on 1auth being online.

Lit Protocol: Decentralized Recovery

For even stronger guarantees, 1auth will use Lit Protocol as a decentralized recovery signer. Instead of relying on a single signing service, the recovery key is split across a distributed network of nodes.

How it works:

  • No single point of failure — The signing key is distributed across the Lit network. No single node holds the complete key.
  • Threshold signing — A minimum number of nodes must agree before a recovery signature is produced. Compromising a few nodes is not enough to forge a signature.
  • Programmable conditions — Recovery is only authorized when the user proves their identity (e.g., Google sign-in), enforced by the network itself
  • Fully independent — The Lit network operates independently of 1auth, its infrastructure, and its team

This means that even in the worst case — 1auth shuts down entirely, its servers go offline, and its team is unreachable — users will be able to recover their accounts through the Lit network by proving their identity.

The Self-Custody Guarantee

Traditional wallets and auth providers create a dependency: if the service disappears, users may lose access. 1auth is built differently:

ScenarioWhat happens
1auth service goes down temporarilyUsers can still transact via recovery signers or wait for service to return
1auth shuts down permanentlyUsers recover via independent signers and Lit Protocol
A recovery signer goes offlineOther guardians (personal backup, Lit Protocol) can still authorize recovery
User loses their passkeyGuardians authorize adding a new passkey — no dependency on any single service

The account is always the user's. The infrastructure around it is designed so that no single failure — technical or organizational — can lock them out.