Protected by Privy

Understand how Privy works and learn best practices for securing your account.

hero

What is Privy

Privy helps developers onboard any user to web3 apps securely.

We build the software that powers the user onboarding and wallet infrastructure for popular crypto applications. Privy helps developers unlock the benefits of building with decentralized systems to enable new product experiences for their users.

How Privy works

Privy lets developers easily provision user accounts for all users, whether they know about crypto or not. This means letting users connect with their existing wallet (MetaMask, Coinbase Wallet, etc.) if they already have one, and provisioning an embedded wallet for those who do not.

Wallets allow users to receive assets, sign messages, and transact on the blockchain. Embedded wallets let users do this without any of the traditional complexity associated with securing your own cryptographic keys.

How Privy secures your account

Privy systems are securely architected from the ground up. We work to secure your assets and data in three key ways:

Proactive security

We use resource isolation and cryptographic architecture designed to prevent Privy or our its developers from ever touching your keys. Learn more

Active monitoring

Privy systems are instrumented for active monitoring. This means automated alerts triggered by unexpected or abnormal activity and 24/7 on-call security.

Battle-tested infrastructure

Privy uses a multi-layered security approach, with extensive audits and robust infrastructure failsafes, to protect your account.

Additional steps to secure your account

Privy sets secure defaults and enables you to turn on more security features—like MFA or recovery passwords—as your account grows in value.

Enable MFA

As your account grows in value, add multi-factor authentication (MFA) with passkeys, authenticator codes, and more.

Add another method

Add an additional authentication method in case you are locked out of your account.

Backup to cloud

Back up your account to Google Drive or Apple iCloud to recover it on new devices.

Don’t see these options in your app? Reach out to the app you are using to support them.

Tips for protecting yourself online

Beyond this, it’s important to stay vigilant on the web to stay safe. Here are a few best practices on the web and onchain:

  • Always check the domain of a website you are connecting to.
  • Never volunteer information to a given person or domain if you are not sure why they need it, or they cannot prove that they are an appropriate party to share it with.
  • Understand what software is running. Software can be used to eavesdrop or steal data from you.
    • Do not save bookmarks in your browser on behalf of someone.
    • Do not install extensions in your browser that you do not understand.
  • Never disclose private information like login codes. Privy and its customers will never ask you for any log in codes, private keys, or any other private information that can be used to impersonate you.  Never input login codes, passwords, private keys into a site you do not recognize.
  • Always backup critical information, such as recovery passwords, in a password manager.

If you’re ever unsure, take a step back to think through things. No matter how urgent something is, actions in self-custodial systems are often irreversible. You can always reach out to security@privy.io with questions at any time, we are here to help.

Common troubleshooting

If you’re having trouble accessing your account, here are a few recommendations:

Make sure you’re signing in with the same credentials you initially used to create the account. Often, you may be trying to sign in with new credentials (for example a phone number rather than an email), leading to a new account being created for you.

Verify you are getting the appropriate verification texts or emails to log in. If you are not, please reach out to support@privy.io.

In general, we recommend linking multiple authentication methods to your account, when possible, to help you in case you lose credentials.

Unfortunately, if you have forgotten your credentials, there’s typically nothing Privy can do to help. For security reasons, Privy can never grant access to a user account without verifying the correct login credentials.

Additionally, if you lose the recovery password you set to secure your embedded wallet, there’s nothing Privy can do to help you access the wallet. See above best practices for securing your account.