Many people ask us what to do if they forget their binding code, so this article introduces the function and precautions of the binding code.
What is a binding code?
Some users may have noticed that mobile banking apps now have a device binding feature. This is a security enhancement that essentially links the user's mobile device and account together. If the mobile banking account is stolen and a bad actor attempts to log in, the mobile banking app will detect the abnormal login device and require the user to personally authorize or authenticate. Because the user's phone cannot be obtained, this effectively prevents malicious behavior.
Similarly, the imKey binding code is an 8-digit random number consisting of digits (0-9) and letters (excluding 0 and letter O, 1 and uppercase I). ImKey uses a similar security strategy to bind the hardware wallet with an app (such as the imToken wallet) to prevent asset loss in the event of wallet theft or PIN code leakage.
When is the binding code generated?
For new devices, specifically imKeys that have not been activated or used to create a wallet, the binding code will pop up and require verification input when the imKey receives its first external app access.
For old devices that have already been reset and have not yet been used to create a new wallet, the binding code will also pop up and require verification input when the imKey receives external app access.
How secure is the binding code?
First of all, the binding code is a random string generated by a secure chip's true random number generator, so its security level is the same as that of the private key. In addition, after the binding code is generated, it is not transmitted through any channel, but is only displayed on the imKey's LCD screen. Users need to enter the binding code displayed on the imKey screen on the mobile side, fundamentally avoiding the risk of a man-in-the-middle attack.
Therefore, it is recommended that users store the binding code together with the mnemonic phrase in a secure place, and do not take pictures of them and store them on any online devices.
Additionally, some common questions are listed:
How does the imKey binding mechanism work?
- ImKey is bound one-to-one with the app (such as the imToken wallet) currently installed on the user's phone. If the app is accidentally deleted, the user needs to download the app again and enter the binding code to re-bind.
What if the user loses or changes their phone?
- If the user changes their phone, they need to download the app again and enter the binding code to re-bind.
What if the user loses or forgets the binding code?
- If the binding code is lost, the wallet can be reset to generate a new one, but it is important to ensure that the mnemonic phrase has been backed up beforehand. If the mnemonic phrase is not backed up, the assets will be permanently lost after the wallet is reset.
What if the binding is successful but the user forgets to copy and back up the binding code?
- For example, in the imToken wallet, users can view the binding code on the imKey management page in the menu after successfully connecting the device.