How recovery works

idemeum offers complete passwordless experience - no passwords exist for onboarding, no passwords exist for login. In order to achieve that, idemeum is using something you have (your mobile device) combined with something you are (your biometrics) to perform multi-factor authentication of employees when they access corporate applications.

When the device is lost or stolen, we can not rely on password or email verification for identity recovery. Instead, idemeum is using QR code to recover digital identity for an employee.

If recovery QR code is lost, there is nothing we can do to recover employee password applications. At idemeum we implemented zero-knowledge architecture (all passwords are encrypted on the client side), therefore we will not be able to restore your passwords without recovery QR code.

Store recovery QR code

When idemeum is installed on a mobile device, user first creates digital identity (by enabling biometrics and verifying identity claims such as email address and phone number), and then user is presented with an option to store secure recovery QR code.

User has two options:

  1. Download QR code - the code will be saved to phone photo gallery. We recommend to print the recovery QR code and save it in the secure location.
  2. Save to cloud storage - for added convenience we offer the option to store recovery QR code to cloud storage (Google Drive on Android, and iCloud Drive on iOS). With this option user will need to enter cloud storage credentials, and the QR code will be saves to secure app specific location.

If for some reason you did not save or lost your recovery QR code after initial installation, you can always access it in Settings -> Recovery code menu. You will be given same two options - print QR code or save it to cloud storage.

Please, make sure you store your recovery code as it is the only way to recover your digital identity.

Recover idemeum app

When recovering idemeum identity, users will need to use recovery flow after application is installed. Click Recover identity and proceed with on screen instructions.

You will be asked to either Scan QR code or automatically recover identity from cloud storage.

What is recovered?

It is important to understand what is recovered after the secure QR code is used.

  1. Employee is assigned the same DID (decentralized identifier) so that she can access the same applications and resources as before
  2. Employee will be able to access all Single Sign-On applications as before
  3. Employee password applications and all associated passwords will be restored
Employee will need to re-verify identity claims (such as email address and phone number) as those claims are not recovered after the device is lost. After applying recovery QR code, follow on screen instructions.