# 7.2 Non-custodial Key Management As part of our goal of financial inclusion and enablement of abundance through blockchain technology, there has typically been a technology gap which has excluded those who are not technically proficient or well versed enough in the use and management of private keys. As a result, we created a hybrid non-custodial key management solution to enable users to access their accounts and wallets with only a username and password, while still allowing for traditional account recovery via a forgot or reset password flow. *** ### **Accounts** The account creating process is simple, the user either locally generates a wallet or connects their own Celo-compatible browser extension wallet such as Metamask or Portis. The user then chooses a third-party to play the role of Guardian in the event of account recovery. Network accounts consists of a 2 of 3 multi-signature wallet **Network Cosigner** * Responsible for confirming *relayed* transactions * Operated by the network **Client Wallet** * Can be self-custodied or keys stored via an encrypted keystore. * Operated and only accessible by the owner of the wallet. * Used to add new transactions to the multisig to be cosigned by the network operator. **Guardian Wallet** * Operated by third party custodial service * Responsible for recovery if a member loses control or access of their client wallet * Incentivized by network to offer guardian service to custody partial keys on behalf of the user ### **Transactions** Signing transactions are also simple, the user signs a transaction with their client wallet keys and asks the Network Cosigner to the *cosign* and confirm the transaction. ### **Recovery** \*\* \*\*If a user loses access to their client wallet, they will generate or connect a new wallet. After it’s generated, the user sends a request to their Guardian to call the **`replaceOwner`** function in order to swap the old client wallet address with a newly generated client wallet. Afterwards, the guardian asks the Cosigner to confirm the **`replaceOwner`** transaction.