Integration details: What are you building and where are you integrating Smart Accounts?
Prefer not to say.
Describe problem/question: What is the specific issue or question?
If I use a passkey as the signer for a smart wallet, if my website/app vanished, can the user still access their wallet somehow?
My understanding is that the RPID ties the passkey to a specific web authority. The problem is that my users are then reliant on my company having provision to keep the website running to access their funds. This limitation of passkeys may also invoke regulations because arguably the user does not have full and unlimited control of their funds, unless they have another way to control it.
For example, if I nicely force customers to add an EOA as an additional signer, does MetaMask provide some form of UI through which they can perform rudimentary actions? E.g. to move their funds out and sign that UserOp with their EOA?
Hi Luke — good question, this is an important safety/UX concern and you’re right to think about it early.
Summary of what I pulled from your message
SDK: MetaMask Smart Accounts SDK (Gator)
SDK version: not provided
Platform: not provided
Issue type: conceptual / integration question (not an immediate error)
Short answer
WebAuthn/passkeys are bound to an RPID/origin. The credential remains on the user’s device, but it will only authenticate for the same RPID/origin (or whatever RP configuration you used). If your site/app (and its domain/RPID) disappears, the user’s passkey alone will generally not let them authenticate from a different origin. Restoring the same domain/RPID (DNS/hosting) would allow the existing passkey to work again.
Practical options / recommended patterns
Primary + fallback EOA
Let users add a separate EOA (an externally owned address/private key) as an additional signer/owner/guardian on the smart account. That EOA can be imported into MetaMask (extension or mobile) and used to sign transactions if the passkey-based flow becomes unavailable. This is the simplest, most robust fallback.
Note: MetaMask does not automatically provide a “special” recovery UI for Smart Accounts if your website is gone — users would use a normal MetaMask wallet (or other wallet that holds the EOA) to sign whatever on-chain transaction you’ve designed as the recovery path (for example, a transaction that performs an execute/transfer via a recovery module or owner-authorized call).
Design an on-chain recovery/module flow
Build a recovery module or guardian system into your smart account (social recovery, threshold guardians, time locks, trusted EOA owner, etc.). That module should allow an alternate signer to perform a recovery action (move funds, replace signers) when the primary passkey is unavailable.
This is an account-abstraction pattern — the recovery actor will still need to submit a UserOp (signed according to your module rules) to a bundler/relayer or call a method via a normal tx depending on your implementation.
User-exported fallback
Offer an optional “recovery kit” (e.g., an EOA key or seed the user stores offline) that the user controls outside your site. Make sure UX and docs explain the tradeoffs and security implications.
Technical notes / gotchas
Passkeys are tied to RPID/origin; you can’t move a WebAuthn credential to a different RPID post-facto.
If your fallback signer is an EOA, the user can use MetaMask (extension/mobile) to sign transactions. But to perform a contract-account action (UserOp), your smart account needs to accept that EOA’s signature format (or you need a recovery function callable by that EOA).
Recovery usually requires either: a) a recovery module that recognizes an EOA signature and executes, or b) a way for the EOA to call the smart account’s admin method via a normal Ethereum tx (which may be simpler but costs gas from the EOA).
Builder Hub: https://builder.metamask.io
(If you want, I can point to specific Smart Accounts docs or sample recovery patterns — tell me if you want code samples.)
If you want me to draft a concrete fallback implementation (example: how to add an EOA owner and a small recovery module), tell me:
which SDK version you’re using (Gator — give me the version if possible)
which platform (web app, mobile, backend)
If you prefer, I can sketch a minimal on-chain recovery module + sample client flow you could drop into Smart Accounts.
Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend that you join our biweekly Office Hours to get this resolved even faster. MetaMask Developer Office Hours
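As an added illustration of the recovery-module pattern described in the reply above (this is not code from the thread, from MetaMask or from the Gator SDK): a guardian EOA opens a recovery with a normal transaction, the passkey-controlled account can veto it during a delay, and once the delay has passed the EOA is added as an owner that the user can drive from MetaMask. The IRecoverableAccount interface and its addOwner hook are assumptions; a real account's owner-management and module-authorisation interface will differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Assumed account interface (placeholder, not the Gator/ERC-4337 API).
interface IRecoverableAccount {
    function addOwner(address newOwner) external;
}

// One module per account; the account must authorise it to call addOwner (not shown).
contract TimelockedRecoveryModule {
    IRecoverableAccount public immutable account;
    address public immutable guardian; // fallback EOA the user keeps in MetaMask
    uint256 public immutable delay;    // veto window, e.g. 3 days
    address public pendingOwner;
    uint256 public executeAfter;

    event RecoveryProposed(address indexed newOwner, uint256 executeAfter);
    event RecoveryCancelled(address indexed newOwner);
    event RecoveryExecuted(address indexed newOwner);

    constructor(IRecoverableAccount account_, address guardian_, uint256 delay_) {
        require(guardian_ != address(0) && delay_ > 0, "bad params");
        account = account_;
        guardian = guardian_;
        delay = delay_;
    }

    // Step 1: the guardian EOA opens recovery with a normal tx (gas paid by the EOA).
    function propose(address newOwner) external {
        require(msg.sender == guardian, "not guardian");
        require(newOwner != address(0), "zero owner");
        (pendingOwner, executeAfter) = (newOwner, block.timestamp + delay);
        emit RecoveryProposed(newOwner, executeAfter);
    }

    // Veto: the account itself (via a passkey-signed UserOp) can cancel a recovery the user did not start.
    function cancel() external {
        require(msg.sender == address(account), "not account");
        emit RecoveryCancelled(pendingOwner);
        (pendingOwner, executeAfter) = (address(0), 0);
    }

    // Step 2: after the delay anyone may finalise; the account then has an EOA owner usable from MetaMask.
    function execute() external {
        address newOwner = pendingOwner;
        require(newOwner != address(0) && block.timestamp >= executeAfter, "not ready");
        (pendingOwner, executeAfter) = (address(0), 0);
        account.addOwner(newOwner);
        emit RecoveryExecuted(newOwner);
    }
}
```

Because execute() performs a plain contract call, the guardian needs no bundler and no UserOp signature format support on the account; the only account-side requirement is that this module is authorised to call addOwner.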
Hey, we don’t have a website/support channel that allows users to move funds from MetaMask Smart Accounts. You can add a passkey as the backup signer and use the MetaMask EOA as the primary signer. Once the user has added the passkey, they can use the passkey to access the wallet and sign transactions.
For recovery, you can still host a recovery website where they are able to connect their MetaMask wallets to access the Smart Accounts and move funds.