Authentication Methods
Learn how SovSeal verifies identity for vault owners and heirs accessing protected assets.
Authentication Methods
SovSeal employs rigorous authentication to ensure only authorized individuals can access protected assets. Our verification methods differ for vault owners (everyday access) and heirs (inheritance access).
Vault Owner Authentication
Passkey Authentication
SovSeal's primary authentication uses passkeys — the most secure authentication standard available:
- Phishing-resistant: Passkeys are bound to specific domains
- Hardware-backed: Stored securely in device security modules
- Biometric-optional: Enable Face ID, Touch ID, or PIN
- Cross-device: Sync across your authorized devices
Passkeys eliminate the vulnerabilities of passwords — no credentials to steal, phish, or guess.
Hardware Security Keys
For users requiring additional security, SovSeal supports:
- FIDO2/WebAuthn keys: YubiKey, Google Titan, and compatible devices
- Multi-key registration: Register multiple keys as backups
- Requirement policies: Optionally require hardware key for all access
Biometric Verification
Where available, enhance authentication with:
- Fingerprint recognition
- Facial recognition
- Device-specific biometrics
Heir Verification
When your configured release conditions are met, trusted contacts must complete rigorous verification before accessing vault contents.
Multi-Factor Verification
Heir authentication includes multiple independent factors:
| Factor | Description |
|---|---|
| Email/SMS confirmation | Verification codes to registered contacts |
| Government ID | Official identification document verification |
| Knowledge-based | Questions configured by the vault owner |
| Video verification | Optional live verification for high-value vaults |
Verification Process
When release conditions trigger:
1. Trusted contacts notified via email and SMS
2. Identity verification initiated
- Government ID upload and verification
- Liveness check (optional)
3. Knowledge-based authentication
- Answer security questions configured by vault owner
4. Multi-signature approval (if configured)
- Other trustees confirm release
5. Staged access granted
- Heir sees only designated filesVerification Levels
Verification rigor scales with asset sensitivity:
| Protection Level | Verification Required |
|---|---|
| Standard | Email + knowledge questions |
| Enhanced | ID verification + email + knowledge |
| Maximum | Video + ID + multi-signature |
You control the verification level for each heir.
Activity Monitoring
SovSeal includes optional activity monitoring to detect inactivity that might trigger release conditions:
Connected Account Monitoring
- Email activity detection
- Social media presence monitoring
- Optional third-party account connections
Check-In Mechanisms
- Periodic confirmation requests
- Customizable check-in frequency
- Grace periods before release initiation
Activity monitoring helps ensure release conditions only trigger when appropriate. We recommend configuring monitoring for automatic release scenarios.
Account Recovery
Recovery Codes
When you create your account, you receive one-time recovery codes:
- Store these securely, separate from your vault
- Each code can be used once for emergency access
- We recommend storing in a physical safe
Trusted Device Recovery
If you lose access to your primary authentication:
- Established devices may be used for recovery
- Recovery still requires secondary factor
- We cannot bypass authentication for you
What We Cannot Do
Important: Due to our zero-knowledge architecture, we cannot reset your authentication or recover your account if you lose all access methods. Maintain your recovery codes securely.
Security Best Practices
We Recommend
- Register multiple passkeys across different devices
- Store recovery codes in a physical safe
- Configure trusted device recovery
- Consider a hardware security key for critical accounts
- Review access periodically and update as needed
For Estate Planning
- Ensure trustees know how to access recovery codes
- Document authentication procedures for heirs
- Consider multi-signature for critical decisions