Before we get into the details of Webauth.com wallet private key let me tell you two stories first.
In the first one, the user got a very bitter lesson. Someone pretending to support agent texted him in regards to a problem user shared in the telegram group earlier. He managed to convince him to enter his PRIVATE KEY on a scam support website. A few minutes later he was short of nearly $7k:
Here's another one where the user did NOT BACKUP his private key, lost his mobile phone and with that a large chunk of XPR. He managed to login with his email and password but that was not enough. It's like having an ID with you but no key for your house:
I'm telling you these not to scare you but to remind you few things:
- BACKUP your private key NOW! Backup to the cloud, backup to a password manager and even print it on paper but please do it! It's the only way to access your crypto.
- NEVER share your private key with anyone. Neither administrators nor support will even ask you to do that! Giving it to someone is like giving them the keys to your house.
- DO NOT enter your private key on any websites that says you need to connect your wallet or similar. Proton related websites will push the signing request to your Proton Wallet OR you need to scan QR to approve the transaction in the wallet. They are well known and can be found through Proton Chain main website: https://www.protonchain.com/
Unfortunately, nothing can protect you from giving your key voluntarily to someone. Scammers prey on newcomers or users that are under stress. In the UK for example, people get unsolicited calls from people pretending to be from HMRC (tax office) officers saying that you need to pay your taxes or you will go to prison as the police are on their way to arrest you. Many people ignore these calls but few fall for it, that's called authorized payment i.e. you did the payment by yourself and no one stole the money from your bank account. The same applies here with your private key.
Now, after you create a new account you will be immediately given your 12-word recovery phrase (or mnemonic seed). This is a unique, randomly generated set of words, that are given to you when you create an account. The recovery phrase is used to generate your private key, which is encrypted directly on your device. This 12-word phrase can help you recover your account and access your funds if you ever lose access to the wallet on the device the wallet is installed on. Respectively, this phrase gives anyone in possession of it to access all your funds, therefore, it's equally important to the private key and should NOT be shared with anyone!
The introduction of a recovery phrase in WebAuth.com was so that the user is enforced to take a note of it and confirm it during account creation.
Further to that, I'd strongly recommend you backup the key to a few places, that is cloud, password manager and even print it on paper. I can't emphasize how important that is. Go to Wallet -> Profile icon -> Backup Wallet, like this below:
CONCLUSION
- If you created your account on Proton Wallet you only have a private key. If you created your account on Webauth.com Wallet then you have both - recovery phrase and private key.
- You need a recovery phrase OR private key to recover your account if you lose your device.
- Never share the recovery phrase OR private key with anyone, including Proton support team.
- If you lose the recovery phrase OR private key nobody can recover this for you, thus access to your funds will be lost forever.
- Make sure you have a copy of your recovery phrase OR private key or better keep a copy of both.
- The ONLY exception why would need to access your private key is if you are moving to a different wallet (like Anchor) or a hardware wallet (like Ledger).
Stay safe!