# Self-issued Account Credentials
I have a keypair, so I have a `did:key`, and I can create capability certificates as [UCANs](https://ucan.xyz).
But I don't trust my ability to keep the private key safe forever, especially if I try to use it across many devices. I'll probalby mess something up and leak the key, and if I don't do that, I'll probalby lose my devices before long.
I do trust trust.storage though. I want to authorize trust.storage to help me recover access to stuff if I lose all the other ways I can prove control over my stuff.
## Create
To create a DID Account, you first need an asymmetric keypair. The public key of the keypair will correspond to the account id.
Create an AccountCredential creating a Verifiable Credential ("VC") describing the Account. The VC's proof MUST have a root of trust in the private key corresponding to the account id's public key.
```
{
"credentialSubject": {
"type": "Account",
"id": "did:key:zAccountPublicKey",
"verificationMethod": [
{
"type": "EmailVerifier",
"id": "#primary-email-verifier",
"issuer": ["did:web:web3.storage"]
}
],
"authentication": [
"#primary-email-verifier"
],
"capabilityDelegation": [
"#primary-email-verifier"
]
}
"proof": {
"verificationMethod": "did:key:zAccountPublicKey",
"proofPurpose": "assertionMethod",
"jws": "{signature}"
}
}
```
Register the account with web3.storage using the ucan `account/put` capability
```
{
"iss": "did:key:zAccountPublicKey",
"aud": "did:web:web3.storage",
"att": [
{ "can": "account/put", "with": "ipfs://{cid-of-account-credential}"}
]
}
```
Sign in with Wallet
Connect another wallet