Embedded Wallets
Unforgettable Embedded Wallets let your app provision a self-custodial user wallet with seamless onboarding and a familiar, app-native experience. They are built on Just-in-Time (JIT) key infrastructure: a user’s private key is deterministically reconstructed on the device from multiple noisy inputs (such as biometrics) only when a signature is required, used to authorize the action, and destroyed immediately afterward.
The key benefits of Embedded Wallets are:
- True self-custody, zero key liability. Users fully control their wallets; your backend cannot move funds.
- Streamlined onboarding. No seed phrases, no extensions, just a clean, intuitive flow.
- Phishing-resistant key management. Nothing to type or copy, and no keys stored at rest—removing most social-engineering attack vectors.
How it works
Let’s say a user wants to transfer stablecoins from their embedded wallet. The flow looks like this:
- The user logs into your app.
- Wallet setup or recovery begins.
- Multi-step, on-device authentication runs using biometric or visual inputs, during which the key is reconstructed.
- The stablecoin transaction is signed.
- The key is discarded immediately after use.
Additional security layers
To further enhance security, Embedded Wallets let you set up Passkeys as a second factor for sensitive actions and a Policy Engine to enforce custom rules (e.g., transaction limits, geofencing, time-based restrictions).
What happens when key derivation fails
Key derivation mechanisms based on noisy inputs (biometrics, visual keys) are robust to small changes but can fail under large changes. Unforgettable provides several fallback options to recover access without compromising self-custody.
See Recovery for trade-offs and flows.
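To make the "robust to small changes, fails under large changes" behaviour concrete, here is an added illustration that is not Unforgettable's code. The page does not specify the construction, so this assumes a textbook code-offset fuzzy extractor with a repetition code; the function names, parameters and sample reading are all constructed for the example.

```python
import hashlib
import secrets

# Assumption: a toy code-offset construction, not the product's real algorithm.
R = 5          # repetition factor: each secret bit survives up to 2 flipped input bits
N_BITS = 128   # secret length in bits; a noisy reading is N_BITS * R bits

def _encode(bits):
    # Repetition code: repeat every secret bit R times.
    return [b for b in bits for _ in range(R)]

def _decode(bits):
    # Majority vote over each block of R bits.
    return [int(sum(bits[i:i + R]) > R // 2) for i in range(0, len(bits), R)]

def _kdf(bits, label):
    # Domain-separated hash so the check value never equals the key.
    return hashlib.sha256(label + bytes(bits)).digest()

def enroll(reading):
    """Return (helper, check, key). helper and check may be stored; key may not."""
    secret = [secrets.randbits(1) for _ in range(N_BITS)]
    helper = [c ^ w for c, w in zip(_encode(secret), reading)]
    return helper, _kdf(secret, b"check"), _kdf(secret, b"key")

def reconstruct(reading, helper, check):
    """Rebuild the key from a fresh noisy reading; return None if it drifted too far."""
    secret = _decode([h ^ w for h, w in zip(helper, reading)])
    if not secrets.compare_digest(_kdf(secret, b"check"), check):
        return None  # derivation failed: fall back to a recovery flow
    return _kdf(secret, b"key")

def flip(reading, positions):
    # Simulate sensor noise by flipping the given bit positions.
    out = list(reading)
    for p in positions:
        out[p] ^= 1
    return out

def demo():
    reading = [secrets.randbits(1) for _ in range(N_BITS * R)]  # constructed sample
    helper, check, key = enroll(reading)
    small = flip(reading, range(0, N_BITS * R, R))  # one flipped bit in every block
    large = flip(reading, range(0, 3))              # three flipped bits in one block
    return (reconstruct(small, helper, check) == key,
            reconstruct(large, helper, check) is None)
```

The repetition code is chosen for brevity: it corrects few errors, and the stored helper data reveals relations between input bits, so the key is only as strong as the entropy of the reading.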