
Preventing Phishing

The most sophisticated multi-key setup in the world cannot protect a user who intentionally signs a bad transaction.

Obi has three protections that reduce the likelihood of a phishing attack draining a user’s wallet:

  1. Escalation: Users are advised to create spend-limited, permissioned keys (flex accounts) on their device, which can only take actions up to a certain recurring amount. Any higher-spending or unknown action requires full multikey threshold signing, which signals to the user that the transaction is not trivial.

  2. Security Limits: Users can establish a Global Transaction Limit (Sanity Limit). Any transaction over this amount will be disallowed until the limit is lifted.

  3. Mandatory Delays: Transactions of certain kinds, involving certain contracts or tokens (including specific NFTs), or above certain set values can trigger a mandatory delay: the transaction is queued and can only be completed once the delay has elapsed. An attack that relies on tricking the user into signing would then also have to trick the user into confirming later.
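
A minimal model of how the three checks could compose, added here as an illustration and not taken from Obi's contract code. All names, the order of the checks, and the sample values in the usage note are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    REJECT = "over the Global Transaction Limit"
    NEED_THRESHOLD = "escalate: full multikey threshold signature required"
    QUEUED = "accepted, but queued under a mandatory delay"
    EXECUTE = "execute now"

@dataclass
class Policy:  # hypothetical field names
    sanity_limit: int           # Global Transaction Limit (Sanity Limit)
    flex_budget: int            # recurring allowance of the spend-limited key
    flex_contracts: frozenset   # actions the spend-limited key may take
    delay_contracts: frozenset  # contracts or tokens that trigger a delay
    delay_over: int             # values above this trigger a delay
    delay_seconds: int
    flex_spent: int = 0         # spent so far in the current period

@dataclass
class Tx:
    contract: str
    amount: int
    threshold_signed: bool      # True if the full multikey threshold signed

def evaluate(policy, tx, now):
    """Return (Decision, release_time); release_time is set only for QUEUED."""
    # 1. Security limit: no set of signatures gets past it until it is lifted.
    if tx.amount > policy.sanity_limit:
        return Decision.REJECT, None
    # 2. Escalation: the flex key covers known actions within its budget only.
    within_flex = (tx.contract in policy.flex_contracts
                   and policy.flex_spent + tx.amount <= policy.flex_budget)
    if not tx.threshold_signed:
        if not within_flex:
            return Decision.NEED_THRESHOLD, None
        policy.flex_spent += tx.amount  # consume the recurring allowance
    # 3. Mandatory delay: flagged targets or large values are queued.
    if tx.contract in policy.delay_contracts or tx.amount > policy.delay_over:
        return Decision.QUEUED, now + policy.delay_seconds
    return Decision.EXECUTE, None

def confirm(release_time, now):
    """A queued transaction completes only on a second confirmation after the delay."""
    return now >= release_time
```

With a constructed policy of `sanity_limit=1000`, `flex_budget=50`, `delay_over=500`, a 20-unit call to a permitted contract executes on the flex key alone, a 40-unit follow-up escalates because the recurring budget would be exceeded, and a threshold-signed 600-unit transfer is queued until the delay elapses.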


Last updated 1 year ago
