this is right and will add some more color:

- warplet isn't directly recoverable via email, it's recoverable with a proof from the custody account of an FID

- Farcaster accounts have their own recovery mechanism built that lets you designate another Ethereum account that can recover the FID

- if you sign up via Warpcast the default recovery address for your Farcaster account is one controlled by Warpcast

- Warpcast will approve a recovery of your Farcaster account if can you prove control of the email you signed up with

- since email compromise happens, we have an Advanced Protection mode that let's you setup MFA so that in order to recover your account you need to prove both control of email + code from an authenticator app

- we recommend everyone, especially those holding lots of funds in their warplet, to turn on Advanced Protection in settings

Reminder: there's also plenty of people who have lost huge amounts of crypto to *loss* rather than theft.

Software bug, forgotten password, lost device, paper wallet burned down in LA fire, upgraded device without backing up data .... lots of ways for that to happen.

Because…

farcaster can be recovered via email btw

hoping the new warplet wallet also can be soon

(i think merkle team working w priviy for a simolar email based recovery process than they have for their embedded wallet/account

bleu.eth

this is right and will add some more color:

- warplet isn't directly recoverable via email, it's recoverable with a proof from the custody account of an FID

- Farcaster accounts have their own recovery mechanism built that lets you designate another Ethereum account that can recover the FID

- if you sign up via Warpcast the default recovery address for your Farcaster account is one controlled by Warpcast

- Warpcast will approve a recovery of your Farcaster account if can you prove control of the email you signed up with

- since email compromise happens, we have an Advanced Protection mode that let's you setup MFA so that in order to recover your account you need to prove both control of email + code from an authenticator app

- we recommend everyone, especially those holding lots of funds in their warplet, to turn on Advanced Protection in settings

https://x.com/bleuonbase/status/1895474554233036981?s=46

Building @warpcast and @farcaster / dad / like to read, cook, ski, code

Don't authenticator apps use email as well? if someone's email is compromised don't they have access to the authenticator app as well?

Normie truned into degen in FC | I'm mostly JK | Host /venting /burrfrens | mod /impact /byegary

I can't speak for every authenticator app or how users configure them but in general no as this would nullify the entire premise of MFA

If someone do have your authenticator app setup so that an email compromise alone will lead the compromise I'd suggest they use a different back up strategy