Using a third-party disaster recovery provider for Mobile Key Share Backup and Recovery gives you several advantages:
- You do not need to rely entirely on memorizing or accessing your Owner’s recovery passphrase to perform a Key Share Recovery.
Important
We strongly recommend using this process in addition to knowing your Owner’s recovery passphrase, rather than depending solely on your Disaster Recovery Service (DRS) provider. For Workspace Key Recovery, you must still know the Owner’s Workspace Key recovery passphrase from when a Workspace Key Backup was created.
- You use visual identification over a video conference call with your DRS provider, which is a more secure method than using a passphrase.
- Enhanced security through a decentralized access control list. You can define the minimum number of personnel required to authorize a recovery from the DRS provider.
Prerequisite steps to use a third-party DRS
- Enroll with a Fireblocks DRS provider using the steps in this DRS article. You must sign a license agreement and buy an annual plan with your provider.
- Your workspace Owner enrolls in Key Share Backup through a DRS using their Fireblocks app:
  - On an iOS device:
    - Tap Settings > Linked Users.
    - Tap on Run DRS to the side of the Owner’s user information.
    - Tap on Run DRS.
    - Tap Next to enroll in the Disaster Recovery Service.
    - Enter your PIN code to initiate the backup.
    - Authenticate your identity using your mobile phone's biometrics.
    - Receive confirmation in your Fireblocks mobile app that Fireblocks has sent the key backup to your DRS provider. Note that it can take several days (based on the Fireblocks offline recovery kit SLA) from when you enroll to when your DRS provider receives your backup keys. Depending on your terms of agreement with your DRS provider, a separate SLA may also apply on their side so they can confirm they received it.
  - On an Android device:
    - Tap Settings > Linked Users.
    - Tap on Run DRS.
    - Tap Enable to enroll in the Disaster Recovery Service.
    - Enter your PIN code to initiate the backup.
    - Authenticate your identity using your mobile phone's biometrics.
    - Receive confirmation in your Fireblocks mobile app that Fireblocks has sent the key backup to your DRS provider. Note that it can take several days (based on the Fireblocks offline recovery kit SLA) from when you enroll to when your DRS provider receives your backup keys. Depending on your terms of agreement with your DRS provider, a separate SLA may also apply on their side for them to confirm to you that they received it.
- You will receive a confirmation email from your DRS provider that your backup package has been successfully received from Fireblocks.
Performing a Key Share Recovery through your DRS
- Contact your DRS provider to request the Key Share Recovery passphrase. This is the separate passphrase your Owner created just for Key Share Recovery through your DRS.
- Your DRS provider will validate your identity, then send you the passphrase.
- Contact Fireblocks Support to activate Recovery Mode on the workspace Owner.
  - Fireblocks Support recognizes that you have DRS enabled and validates your identity. This is how Fireblocks ensures that the DRS provider does not initiate an Owner recovery on their own and that only your actual workspace Owner can do that.
  - Fireblocks Support performs the change. This may take several days based on the Fireblocks SLA.
Note
Activating recovery mode is subject to strict security screening by Fireblocks Support, including identification over a video conference call.
- Optional: Other workspace Admins can navigate to Settings > Users in their Fireblocks Console and see that the status of their Owner user is “Pending Device Pairing”.
- The Owner opens the Fireblocks Console and scans the QR code that appears with the Fireblocks mobile app to enroll.
- The app opens in Recovery Mode. The Owner must now enter their Key Share Recovery passphrase.
- The app attempts to decrypt the key share locally using the entered passphrase.
- Key recovery is complete.
Note
If no one in your workspace has access to the Owner's passphrase, then you should perform these additional steps:
- Your workspace Owner should use the mobile app to navigate to Linked Users > Change Passphrase and create a new recovery passphrase.
- Your workspace Owner submits a new ticket to Fireblocks Support to have the Workspace Key Recovery package re-created and sent to your DRS provider. This is subject to identity verification and a multi-day SLA.