Topic: JoyID - A passwordless wallet (Read 488 times)

When it's not mandatory to backup the wallet's recovery details then there will be wallet users who don't do it and who will loose their coins if things go south. Postponing mandatory analog backup is simply irresponsible.


And why do they use some non-standard seed phrase, assuming you mean with "seed phrase" the mnemonic recovery words?
Stupid design decisions, in my opinion.


If I get this right, the passkeys authentication binds this wallet to the website. So if the website ceases to exist, you're likely screwed, especially when the wallet alone doesn't function properly anymore without the website and because the recovery words are f*** non-standard.

So it looks like Windows and Linux are now supported again[1]. But I'm not sure I like this implementation, because unlike how they had this before (do everything from the desktop), you would now still need to use your mobile device.

[1] https://x.com/joy_protocol/status/1815657980173689275

That's up to the user. On a phone, typing RX6d'}jmfjk$ly#d%_!ZOyKtZdKoA28TFnBVx_.O7,H&r,,Pm5 is quit annoying. With a password manager, it's easy and I'm absolutely sure nobody will ever brute-force it. At least it's not a black box, and the user can easily understand how it works. Unlike the biometric mumble jumble which I assume has a back door for Apple or even agencies.

I wasn't talking about seed phrases, but about user credentials in general.

That's the problem: if you can't restore it from scratch, it's not a backup. I read a bit about it, and you can restore it using your Apple account. I'm not in crypto to trust third parties.

I wouldn't call a seed phrase insecure.

I think "passkeys" are just an amalgamation of all the different ways you can authenticate something instead of a password.

i.e. combining biometrics, security keys, and smart cards into one category.

I don't think this is a revolutionary advancement, but it's just something that people are finally taking seriously after years of forcing everyone to use passwords (that are inevitably chosen to be insecure).

The "app" doesn't support Linux.

This link doesn't work anymore. The FAQ link on the site brings me to nervina.notion.site/JoyID-FAQ-EN-3950ff33403e4545aa3d6129f2725cdb.

When I read this:
I just see "mumble jumble" to make something sound better than it is.
Wait. It just said it's "next-generation" and now it's "based on industry standard"? You can't have both!

I'll stick to my proven and trusted seed phrase and password!

JoyID has now added the ability to export private keys as well as backing up the seedphrase. Neither options are something "required to do" when creating the wallet.

It's worth mentioning also, that the seed phrase will start with "joyid" as the first word, and can not be used on any other wallets.

I see this as being a service for the absolute newbies who don't feel like creating and holding their own keys. Anyone more serious and experienced in crypto shouldn't have problems with being a true custodian of keys and not rely on biometrics and face ID as ways of generating and recovering crypto wallets.
 
Your Passkey creates your private keys. And you get your Passkey by providing your fingerprint, face ID, or a PIN. Who else uses such a system? If JoyID where to disappear from the face of the world tomorrow, where could I import my Passkey and continue using my wallet? I know it's open-source, but we can't expect the target audience to build their own instances of the wallet from code.

The documentation says that it's not possible to export private keys and seed phrases from devices that support this standard. Apparently, they are working on enabling seed backups in the future. So, users are limited only to systems and services that use the Passkey standard, not like with traditional wallets where you can always import/export private keys and seeds.

An important update: it would no longer be possible to create an account with JoyID in Windows (regardless of the version you're using) due to the currently limited support of Passkeys in Windows.

As for those who were a bit skeptical about the wallet and what it offers in the past. I suggest you check this newly released FAQ by the team. It should help clear lots of things:

https://nervina.notion.site/JoyID-FAQ-EN-3950ff33403e4545aa3d6129f2725cdb

The wallet now supports RGB++ assets[1] (basically an upgraded version of RGB, the layer2 solution for bitcoin) as well as trading its coins on a DEX[2].

For those who read my above post about JPoints, I don't believe that's a thing anymore. I have been away for some time, and last time I checked, those are no longe showing in the wallet.

[1] https://twitter.com/joy_protocol/status/1775535895166537819
[2] https://twitter.com/joy_protocol/status/1780505146067448176

So the wallet now supports Bitcoin (native SegWit and Taproot) as well as BRC20 tokens. I'm not going to lie, the wallet is still missing some very important functionalities like scanning QR code (which I think should've been a top priority, especially for a wallet that's supposed to be used on mobile) but that's coming on the way.

The wallet has made a few more updates:

- BiHelix (bitcoin infrastructure service) partnership which could indicate that bitcoin support is coming soon for both mainnet, LN as well as RGB++
- Spore NFT now supports JoyID.
- DotSwap also added support to JoyID.

Yeah, it's the same JoyID OP is talking about. I just finished reading posts of some dudes in an online group I belong and away from the project's telegram handle. They talked about SLN (Smartlayer) and its claim that's ongoing. Those who lamented they haven't got theirs were directed to check their eligibility status with their JoyID addresses. That's how I got to know it's the same project.

I saw a screenshot of someone who got over 2,000 SLN from that airdrop. That's really huge when you juxtapose that with its trading price of >$6. It's unbelievable what people make from airdrops. It's very tempting, and that's why more people are chasing airdrops.

Hey is this the JoyID wallet that also been used for smartlayer quest? I think its the same given the color of their UI. It seems you ate fond of their project as it seems you keep up with an updated info on their progress. If its the one used on smartlayer I could say that its run smoothly. You thi k their fingerprint locking and unlocking of wallets is actually a better one for login?

More updates (again, I'm not affiliated with the project):

- Scroll network has been added.
- You can now add any unsupported EVM chain or token you want just like you would with MetaMask.

The wallet has also achieved 200K users.

Here are some updates since I last posted here:

- The wallet has reached 150K users[1].
- You can now send and receive Arbitrum assets.

Again, I'm not affiliated with the project in any way, just think it's a very interesting concept.

For those who are interested in "potential airdrops". It appears that you can gain some points by doing some quests within the app. The team didn't mention anything about the "use" of those points, but I would imagine that eventually, they would have some kind of purpose at least.

[1] https://twitter.com/joy_protocol/status/1743599120592535778

From my understanding, the approach is different than what's being used in exchange apps, and wallets where the biometrics are used to unlock the app. I'll try to get in touch with Cipher, I think he could shed more light on all of this.

Also who is to be held liable in the case of a compromise?

When it comes to non-custodial wallets, I am not too comfortable but in cases where there is no exception, one has no option but I'm most concerned.

If we can get a feedback on how to recover private key/phrase, it will be okay.

Don't get me wrong, I mean that implementing fingerprint locks and facial recognition as wallet security is not safe enough from environmental risks. It's good if you also have PIN as an option.

So where is the private key/mnemonic stored and retrieved for recovery? As per my understanding the private key cannot be eliminated whne generating a new wallet.

Thanks for your detailed response.

I would like to know more about the recovery process (which I believe is not available yet?) and how secure it is. and how difficult it is for someone (a hacker) to gain access to your wallet from either your device, or on another device since from my understanding, this whole passkey process uses your hardware, meaning even with your fingerprint/faceID, your wallet cannot be recovered elsewhere, but how would that work if you lose access to your phone?

I read the FAQ, but maybe you can give more details on all of that?

Thank you for introducing Joyid to the Bitcoin Forum. I'm Cipher, the founder of JoyID, and I'm delighted to be here to discuss our new solution to wallet technology. Allow me to provide some insights into the mechanics of this innovative wallet.

First and foremost, it's crucial to highlight that JoyID is a non-custodial wallet. Our server never hosts your keys or any form of key shards. With JoyID, you retain 100% control over your private keys.

Furthermore, our wallet doesn't directly access your biometric information. While it does utilize the system's biometric verification feature, the wallet only receives the system's response in the form of an ECDSA signature. It remains entirely unaware of how you choose to identify yourself -- whether through Face ID, fingerprint recognition, or a PIN code.

Our technology leverages Passkey, a standard supported by the FIDO Alliance and widely adopted by modern devices. It utilizes a dedicated hardware secure chip to generate and manage asymmetric keys, enabling secure signature and verification services right on your device. Passkey is compatible with a range of operating systems, including iPhone, Android, Windows 11, MacOS, and Linux. Passkey makes JoyID a wallet with the secure level between software wallet and hardware wallet.

By combining these technologies with account abstraction (which maps multiple devices/keys to a single account) on Nervos (a UTXO PoW + RISC-V VM chain), we've created a wallet that's non-custodial, passwordless, mnemonic-free, and doesn't require installation. It also prioritizes biometric security. Our wallet is permissionless, chain-agnostic, and offers instant onboarding feature (10s to create a wallet and never lose). It's a game-changer for the crypto world.

And as a Bitcoin advocator and hodler, I'm working on the following features to benefit Bitcoin community.

- Bitcoin support, with air-gapped wallet feature, working
- Lightening network support, planning
- RGB support, planning
- Nostr support, already supported

Feel free to ask me anything about JoyID, thanks.

On the main page, I saw their animated image explaining the security system using fingerprint and facial recognition. Do they actually implement this?Afaik, it is a very weak security method. They also have a recovery mechanism with some means that I think (tentatively suspect) that backups of privatekeys or mnemonic phrases are (also) stored on their side.

My conclusion is that this wallet actually goes against the security standards of crypto wallets in general.

First, I would like to start by saying that I'm not affiliated with this project in any way.

It's just a project that I have been keeping an eye on for some time because I found it to be interesting, and they just officially launched on the main net a few hours ago, so I thought I'd share[1][2].

The app is a non-custodial multi-coin wallet (currently only supports Ethereum, Polygon, and the Nervos network) but should support BTC, SOL, and other coins later.

Unlike other wallets, this wallet uses passkeys. You don't need an email, a phone number, seedphrase, or any of that. See here for more info[3].

I'd like to hear your thoughts on this? I just started using it and will make sure to post updates as they add more features and coins.

EDIT: Moved this to the wallet software board, as the developers are now supporting Bitcoin (SegWit, Taproot) and working on a Bitcoin layer 2 solution (RGB++).

[1] https://joy.id/
[2] https://docs.joy.id/guide
[3] https://joy.id/faqs