This document lays out a series of questions that helps identify the design principles and choices that fit the ideal key management architecture for your wallet or application.
Before going through the questions, a general understanding of Web3Auth key management is necessary. Either head to the docs or the full MPC overview to get the general picture.
Would we want to use existing social logins (e.g. Google, FB, etc.), or a passwordless login of our own?
Apart from user devices and cloud providers, what other factors would users be interested in (e.g. Devices, Social Recovery, QR backups, email backups)?
Do we want to allow importing of keys, with the trade-off of weaker key generation integrity?
Is non-custodiality defined as only the user being able to access the key, OR is prevention of denial of service also necessary?
Should a user always be able to export their key?
Enforcing security policies on all users vs. key exportability: which is more important?