Signers are the actual keys that can control your account. Think of them as multiple keys that open the same lock. Each signer can be invalidated at any time if you're authorized with one of the other ones, and a new signer can be added at any time.
The signer settings are specific to each blockchain network. When you create a new account, you start with the same signers on all supported blockchains (e.g. Ethereum, Polygon), but from that point on you change signers individually for each chain! There are a few types of signers:
- Email/password signer: those are added by default if you create an account with an email and password. Under the hood, those signers actually consist of two private keys, one of which unlocked with your email via a confirmation code, and the other with your password. Both are required to make transactions immediately, but only one of them can also send transactions with a 3 day timelock. This allows you to recover your account in case you forget the password.
- Hardware wallets: Ledger/Trezor. This is the recommended way of using Ambire Wallet with larger sums. If you only have a hardware wallet signer on your account, you achieve the same security as using a hardware wallet itself directly, but with all the added features such as gas abstractions, batching, etc.
- Web3 wallets: those are wallets built into the browser or installed as an extension. We generally do not recommend this option unless you're a power user and you're already comfortable with those. The email/password signer is more secure in most circumstances because it's actually a 2-out-of-2 multisig under the hood. With web3 wallets, you have one private key kept in memory that if compromised, could be drained immediately.
Note that thanks to the so-called "account abstraction", signers just need to sign messages rather than transactions, which eliminates many problems such as EIP1559 support in hardware wallets.
OTP and two-factor authentication
Ambire Wallet features OTP via 2FA, which can be easily activated in the "Security" menu. For the email/pass accounts, enabling of the 2FA adding an extra layer of security and has a distinct security advantage, since the confirmation code is only valid for a specific transaction and time, versus normal 2FA where the code is only time-derived.