Mnemonic Authentication (Legacy)
Mnemonic authentication is ONLY available for existing users who created accounts before November 2025.
New users cannot use mnemonic authentication. If you're a new user, please use one of our modern authentication methods: Google, Apple (coming soon), or GitHub OAuth.
→ See Authentication Methods for details.
Learn about our secure, extension-free authentication system using cryptographic mnemonics. This method is maintained for existing users who registered before the transition to OAuth-based authentication.
Authentication Methods
Hippius offers different authentication options depending on when you created your account:
For New Users (November 2025 onwards)
New users must authenticate using one of the following OAuth providers:
| Provider | Description |
|---|---|
| Sign in with your Google account | |
| Apple | Sign in with your Apple ID (Coming Soon) |
| GitHub | Sign in with your GitHub account |
These modern authentication methods provide:
- Seamless single sign-on experience
- Two-factor authentication support from your provider
- No need to manage or backup recovery phrases
- Industry-standard OAuth 2.0 security
For Existing Users (before November 2025)
If you created your account before November 2025, you have two options:
- Mnemonic Authentication - Continue using your existing mnemonic phrase (legacy method, documented below)
- OAuth Authentication - Link your account to Google, Apple, or GitHub for a modern sign-in experience
Overview (Legacy Mnemonic System)
Hippius originally used a mnemonic-based authentication system that provides secure access without requiring browser extensions or storing sensitive data. Your mnemonic phrase acts as both your identity and encryption key, giving you complete control over your account security.
This section documents the legacy mnemonic authentication system for existing users only.
How It Works
Mnemonic Generation
Your mnemonic is a sequence of words that represents your cryptographic identity. It's generated using secure random number generation and follows BIP39 standards.
Key Derivation
From your mnemonic, we derive multiple cryptographic keys for different purposes (authentication, encryption, signing) using deterministic algorithms.
Secure Authentication
When you log in, we use your mnemonic to generate your public-private key pair. The public key identifies you, while the private key proves your identity.
Advantages Over Browser Extensions (Legacy)
These advantages apply to the legacy mnemonic system. New users should use OAuth authentication instead.
No Dependencies:
- No need to install or maintain browser extensions
- Works across all modern browsers without compatibility issues
- No version conflicts or update requirements
Enhanced Security:
- No persistent storage of sensitive data
- No attack surface from third-party extensions
- Protection against extension-based phishing attacks
- Immune to extension-specific vulnerabilities
Better User Experience:
- Consistent experience across all devices
- No need to sync extensions between browsers
- Faster loading without extension overhead
Security Considerations (Legacy Mnemonic System)
Zero Storage Policy:
We never store your mnemonic or private keys. They exist only in memory during your session and are cleared when you log out or close the browser.
Client-Side Operations:
All cryptographic operations happen in your browser. Your mnemonic never leaves your device, ensuring complete privacy.
Secure Key Generation:
Keys are generated using cryptographically secure random number generation and follow industry-standard protocols.
Important: No Recovery Option
Your access key cannot be recovered if lost
Due to our zero-knowledge security model:
- We do not store your mnemonic phrase anywhere
- There is no "forgot password" option
- No one, including our support team, can recover your access key
- Losing your mnemonic means permanently losing access to your account
We strongly recommend using a password manager or other secure method to store your access key. Make sure to have a backup in a safe place.
Password Manager Compatibility
Our login system is designed to work seamlessly with password managers. The access key field is properly marked as a password field, allowing your preferred password manager to:
- Securely store your mnemonic phrase
- Auto-fill the access key field on subsequent visits
- Generate and store backup copies of your mnemonic
We recommend using a password manager to securely store your mnemonic phrase, as it provides an additional layer of security and convenience.
Browser Security
Our application is designed with security in mind:
- Your mnemonic is handled securely in memory and never stored in plain text
- The application works safely even with multiple tabs open
- We use secure input fields that prevent accidental exposure of sensitive data
- All cryptographic operations are performed client-side for maximum security
Best Practices (Legacy Mnemonic Users)
If you're an existing user still using mnemonic authentication, consider linking your account to Google, Apple, or GitHub for a more convenient sign-in experience while maintaining the same level of security.
- Store your mnemonic phrase securely offline
- Never share your mnemonic with anyone
- Use a secure device when entering your mnemonic
- Always log out when using shared devices
- Regularly verify your backup of the mnemonic phrase