FAQs: SAFE Authenticator (mobile)

What is Self-Authentication?

Self-Authentication means you can log in and secure your data with no middleman. You never have to give your password to anyone or ask a third party’s permission to access your data. Your information, and access to it, belongs to you and no one else. Your passphrase and password are used to locate your data on the Network and then used to decrypt that data locally. That means no one needs to hold a record of your files or your login details—and there’s no need to ask anyone for permission to access it. This is known as Self-Authentication and enables you to find, unlock and decrypt your own data.

What is the SAFE Authenticator?

The SAFE Authenticator acts as a gateway to the SAFE Network and allows the user to control and manage what access and permissions to give to other SAFE apps.

What are its main features?

This application can be used to create an account and log in to the SAFE Network. It also helps the user to authenticate other SAFE apps and manage access permissions for applications that are already registered. See the latest feature list here.

How do I download the SAFE Authenticator for mobile?

Platform OS Version and Architecture Download Link QR Code
Android 5.0+ (armeabi-v7a, x86_64) AppCenter, GitHub Android-QR
iOS iOS 11+ (ARM64, x64) AppCenter iOS-QR

Note (Android): If a Blocked by Play Protect pops up during installation, just click install anyway

Note (iOS): We use Azure App Center to distribute iOS builds. Please register here so we can add you in our testing group so you can download and install the app.

Pre-requisites:

  • To connect the authenticator to a section of vaults, you will need a copy of the vault_connection_info.config file for the section(s) you want to connect to, on your mobile device.
    • For the Shared Section you can download the config file here. Note that in the most recently released versions of the authenticator we have added a built in download button for the latest Shared Section config file.
    • For your local vault see the CLI User Guide for details on where the vault_connection_info.config file will be stored on your OS.

How do I connect the SAFE Authenticator to a section of vaults?

If you are connecting to the Baby Fleming Public Shared Section then setup steps are as follows:

  1. Download to your mobile device a copy of the Shared Section vault_connection_info.config file from here.
  2. Open the SAFE Authenticator app, click into settings and click to add a new config file. Browse to and select your downloaded config file, name it and you are good to log in with your Shared Section login details, or create a new Shared Section account if required.

Note that in the most recently released versions of the authenticator we have added a built in download button for the latest Shared Section config file.

If you would like to connect to a local section of vaults on your home network, which is running on a machine which does not have an externally exposed IP, then there are a couple of extra steps.

  1. First, you should note the local IP (e.g. 192.168.xx.xx) of the machine you will be running your section on.
  2. Launch your local section with a command which specifies that IP so it is explicitly added to the config file that it produces, i.e. safe vault run-baby-fleming --ip 192.168.xx.xx.
  3. Copy the newly generated vault_connection_info.config file to your mobile device.
  4. Open the SAFE Authenticator app, click into settings and click to add a new config file. Browse to and select your local section config file, name it and you are good to log in with your local section login details, or create a new account if required.

See the CLI User Guide for more information on running, connecting to and using sections of vaults.

What are the Account passphrase and Account password in the SAFE Network?

The account passphrase defines the location of the user’s account and data. The account passphrase has to be considered more like a password and should be kept private to retain anonymity.
The account password is used to secure (encrypt) the data.

Why should both the passphrase and password be kept private and secure?

Anyone who knows the passphrase and password to a particular account will be able to access the data belonging to that account. These credentials should be kept safe because if lost the user’s account and data cannot be retrieved.

How do I create an account?

Open the SAFE Authenticator and go to the ‘Create Account’ screen. From there it is only a three-step process to create an account on the SAFE Network.

What happens when I revoke an application?

All the permissions which were provided by you to the app are revoked and the application will not be able to modify the data on the network.

What type of applications can I authorise?

Any SAFE application which wants to access the SAFE Network needs to be authorised by the authenticator.

What is auto-reconnect?

This is used to automatically connect to the network. When toggled on, your passphrase and password are stored securely on your mobile device. Logging out or switching auto-reconnect off will clear the credentials from the memory.

I am having problems downloading from Azure App Center to my iPad

By default iPads request desktop sites, which will lead to an on-screen message asking you to enable “Request Mobile Site” when you try to install an iOS app.

How to switch to the mobile site isn’t always immediately obvious, but it can be altered in settings.

App Center have an issue logged here to document this, which at the time of writing remains open.

Steps to update this:

  1. On your iPad open Settings -> Safari

  2. Under the Settings For Websites section, select Request Desktop Website and switch this off.

  3. Reload the App Center site and you should now be able to register your iPad and download the app.

I have an issue, where do I report it?

Please feel free to raise any issues found with the mobile authenticator here.

15 Likes