Tips for Securing your Salt Organisation

Always practice self-sovereign security! Salt is a facilitating tool—not a recovery service.

  1. Secure Your Wallets and Robo Guardian Infrastructure: Ensure the security of the personal browser wallet(s) that belong to you and/or any bots you've allowed access. Secure your organisation's Robo Guardian infrastructure and regularly review it. Always use strong passwords and multi-factor authentication where possible.
  2. Review Policy Configurations: Misconfigurations in operational and agent-managed accounts may create vulnerabilities. Regularly audit and verify access settings.
  3. Research and Understand Third-party Services: If your organisation is interacting with third-party service providers through Salt, it is your responsibility to research and thoroughly vet the third-party service, its fees and its terms. Any relationship with a third-party service provider is between your organisation and the third-party provider. In particular, Salt does not have any oversight over the services you receive from your activities with third-party services provided outside of the Salt app.

❌ Salt Cannot Recover Lost or Compromised Assets – Salt has no fallback mechanism for lost access credentials. If your wallet, signing device, or cryptographic keys are compromised, your assets may be permanently inaccessible.

What if Salt goes dark?

If the Salt platform is compromised, whether due to technical failures or censorship, all users of Salt will be able to permissionlessly move their funds to different wallets using the Salt Recovery App. Salt (as a platform or organisation) is unable to freeze funds.

How to move funds if the Salt platform fails

Salt will provide a downloadable desktop app that uses your key material to move your funds from Salt accounts to any digital asset address of the Owner’s choosing. It is offered to ensure owners cannot be frozen out of their funds should Salt go dark.

This desktop application will allow signers to bypass all Policies in order to move funds to a non-Salt account. It is not for day-to-day usage. This desktop application is completely independent of Salt. The app will operate on a local computer independent from the Salt platform.

What if the cryptographic protocol goes dark?

Users only require access to the SDK and the deployed smart contracts in order to continue using INTU, the cryptographic MPC protocol underlying Salt.

Visit the INTU documentation for a detailed list of their software dependencies and what they’re used for. In brief, this includes:

For more information about INTU, see https://docs.intu.xyz/.