Usage and recovery
Daily use: feels like unlocking your phone
With PicWe Wallet, a typical flow looks like this:
- Start an action in the wallet or an integrated app;
- Confirm with the device you already use (Face ID, Touch ID, fingerprint, PIN, or a security-key press);
- The transaction is broadcast on-chain in the background.
Users are not asked to juggle seed phrases, export private keys, or copy raw signatures.
Confirmation happens on your device, and critical key material never leaves the secure hardware boundary.
Signing stays inside the hardware trust boundary
PicWe Wallet does not park keys in ordinary app memory or flat files.
Signing is delegated to the device’s local trusted hardware environment.
In these models, keys are designed to be non-exportable, non-cloneable, and non-readable from normal software.
The app can only ask the chip: “sign this payload” — and receive a signature, not the secret.
The user-visible difference is straightforward:
you confirm on a device you already own — not on a second, dedicated wallet you had to purchase.
Multi-device by design, not single-device lock-in
A PicWe Wallet account is not “one static private key.”
It is an on-chain account authorized by multiple hardware signing terminals.
- Register phone, laptop, and a secure USB key as signing devices for the same account;
- Each device generates its own hardware-bound key — key material is never shared between devices;
- Account policy decides which actions need which device(s), and what quorum applies.
That yields:
- Consistent cross-terminal UX — use any registered trusted device without shuttling secrets;
- Tolerance for device loss — losing one device does not automatically mean losing the account.
Recovery: device sets and policy, not a single paper secret
Classic wallets often boil down to:
“All security rests on one piece of paper with twelve words.”
PicWe Wallet recovery is built around a trusted device set plus on-chain account policy:
- Cross-device enrollment: already-trusted devices can bootstrap a new device;
- Guardians: optional trusted addresses can participate in recovery with policy constraints;
- Time delays and re-confirmation: sensitive changes (e.g. rotating signing devices) can require a cooling-off period;
- Tiered permissions: different rules for small frequent spends vs large or sensitive operations.
Common real-life cases:
| Scenario | Recovery path |
|---|---|
| New phone | Authorize from laptop or secure key; add the new phone as a signing device |
| Retire a PC | Authorize from phone; remove the old machine from the device set |
| All devices lost | Use pre-configured guardian policy with time-locked confirmation |
| Large transfer | Require extra device confirmation or stricter policy |
Recovery becomes a governed structure — not a one-time gamble on handwriting a seed phrase.
Smoother first-time experience
Hardware security should not punish first-time users.
Beyond signing and recovery, PicWe Wallet can streamline onboarding:
- Gas sponsorship: first actions without holding native gas tokens upfront;
- Session keys: scoped, time-limited delegation to reduce repeated confirmations where policy allows;
- ERC-20 fee paths: pay network fees with assets users already hold;
- Policy-aware approvals: different flows for payments, DeFi, subscriptions, and high-risk actions.
For users: you do not have to buy gas and learn seed phrases before your first success.
For builders: product UX can be scenario-driven while the hardware boundary still holds the keys.