Skip to main content
Embedded wallets are non-custodial; if a user loses access to their auth method, they need a recovery path. Polygon’s embedded wallet stack provides two complementary mechanisms: passkeys (device-based) and timed recovery (phrase-based).

Passkeys

Passkeys are the primary recovery method for most users. They use device-bound biometrics, Face ID, Touch ID, or Windows Hello, to authenticate without a password or seed phrase. How it works:
  1. During onboarding (or at any point after), the user registers a passkey on their device.
  2. The passkey is cryptographically bound to their wallet’s Merkleized configuration; it is one of several valid signers.
  3. If the user loses access to their primary auth (e.g., loses their Google account), they can recover using any registered passkey.
  4. Passkeys sync across devices via iCloud Keychain (Apple) or Google Password Manager, so a user who registers on iPhone can recover on iPad.
Passkeys are configured per-project in the Polygon project dashboard. Once enabled, they appear as an option in the sign-in modal.

Timed recovery (24-word phrase)

Timed recovery is the fallback for users who lose all device access. It uses a 24-word recovery phrase, similar to a seed phrase, but with a mandatory 30-day lockdown period before it takes effect. How it works:
  1. The user initiates recovery using their 24-word phrase and specifies a new destination wallet.
  2. A time-locked transfer bundle is queued onchain. The recovery does not execute immediately.
  3. During the 30-day window, a Watchtower service sends email notifications to the original auth email. If the request is fraudulent, the user can cancel it.
  4. After 30 days, the transfer executes and the user regains access.
Security properties:
  • The 30-day delay prevents instant silent takeovers (e.g., if someone steals the phrase but not the device).
  • The process is Sequence-independent: users can run the recovery tool without Sequence’s involvement, as long as an EVM chain is live.
  • Session metadata is backed up to Arweave, ensuring the recovery bundle can always be reconstructed.
  • Notifications are sent via the user’s auth email; any unauthorized recovery attempt is surfaced.
Timed recovery is designed for worst-case scenarios. Encourage users to register passkeys during onboarding so recovery is straightforward in common situations (new device, lost phone).

Recovery UX guidance for fintechs

For payment and banking products, consider the following:
ScenarioRecommended recovery path
User gets a new phonePasskey sync via iCloud or Google
User loses their Google accountPasskey on any registered device
User loses all devices24-word timed recovery (30-day delay)
User forgets their phraseNo recovery possible; communicate clearly at signup
Make passkey registration part of your onboarding checklist. Products that surface it as an optional step see lower completion; treat it as a required step for users who hold meaningful balances.

Further reading

Timed recovery architecture

Full documentation on the recovery flow, notifications, and the standalone recovery tool.