Backend for BrightID/BrightID#1119
We offer social recovery and device recovery. Maybe the next option should be seed phrase recovery.
We can allow a user to auto-generate a one-time seed phrase which we can show the user one time, then ask if they've written it down, and then never show it again. If the user wants a new seed phrase they can request a new one and we can show it to them, and replace the previous one with the new one.
On the backend, we can create a new operation that registers the hash of a seed phrase. Each user can have only one at a time. If they register a new one, it replaces the old one.
Then recovery by seed-phrase can be another option in the "import" flow. The other option we already have is using an existing device to authorize the import. Either one will allow a new device with a new signing key to be registered and then set as primary. The user should create a new seed phrase at the end of the flow if they used a seed phrase to recover (since seed phrases are single use).
The backend needs an operation to add a new signing key when a user reveals the seed phrase that matches the hash. This can only be done once, and then the hash is marked as already used.
Backend for BrightID/BrightID#1119