Overview
Orion beings are powerful. They get things done autonomously. But some actions -- like moving money, deleting files, or touching system settings -- need a human thumbs-up before anything happens.
That's where the Secret feature comes in. It's a passphrase you set. When a being wants to do something sensitive, it asks you first. Think of it as a bouncer for your most important actions.
What is the Secret Feature?
Your Secret is a personal passphrase (up to 10 characters) that you set in Dashboard Settings. When a being needs to do something sensitive, it'll ask you to provide your Secret first. No Secret, no action. Simple.
Here's the important part: We don't know your Secret. We never store it, never log it, never have access to it. Zero-knowledge architecture means even Orion can't retrieve it. Hackers can't extract what we don't have -- whether through server-side attacks, prompt injection, or anything else.
Even if someone gets into your conversation history or tries to manipulate a being, they can't execute critical actions without your Secret. And since we don't have it either, there's nowhere for attackers to steal it from.
How It Works
1. Set Up Your Secret (takes 30 seconds)
- Navigate to your Dashboard Settings
- Locate the "Secret" option in your security settings
- Enter a memorable passphrase up to 10 characters
- Save your Secret securely
2. The Verification Flow
When a being tries to do something restricted, here's what happens behind the scenes:
- The being identifies that the requested action requires user verification
- The being actively asks you to provide your Secret using a specialized verification tool
- You provide your Secret directly in response to the being's request
- The being uses the provided tool to verify your Secret without Orion ever seeing or storing the value
- The verification happens in a secure, ephemeral context -- no logging, no persistence
- Only upon successful verification does the being proceed with the action
Golden rule: The being always asks you first. Never volunteer your Secret unprompted. If a being asks for your Secret out of the blue or for something that doesn't seem sensitive, that's a red flag -- contact our security team immediately.
3. What Counts as "Sensitive"?
These kinds of actions will trigger Secret verification:
- Financial transactions or cryptocurrency operations
- Deleting important files or data
- Modifying system configurations
- Accessing or sharing confidential information
- Making purchases or subscriptions
- Changing security settings
Best Practices
Picking a Good Secret
- Memorable but Secure: Choose something you can easily recall but others cannot guess
- Avoid Common Patterns: Don't use sequential numbers (123456) or common words
- Mix Characters: Consider combining letters, numbers, and symbols within the 10-character limit
- Unique to Orion: Don't reuse passwords from other services
Keep It Safe
- Never share your Secret with anyone -- not even Orion support staff
- Don't write it down where others can find it
- Keep it out of emails, chat messages, and docs
- Only type it when a being specifically asks during verification
Stay Sharp
- Rotate it: Change your Secret every few months
- Act fast: If you think it's compromised, change it immediately
- Stay alert: Unexpected Secret requests are a red flag
- Check the logs: Review your activity history for anything suspicious
Why This Matters
AI beings are powerful precisely because they have autonomy and access. That's also why security can't be an afterthought. Here are the real risks we're designed to prevent:
- Session Hijacking: Unauthorized parties gaining access to your active being sessions
- Prompt Injection: Malicious attempts to manipulate being behavior through crafted inputs
- Context Confusion: Beings misinterpreting ambiguous requests as authorization for sensitive actions
- Compromised Credentials: External access to your account leading to unauthorized being commands
- Server-Side Attacks: Hackers attempting to extract sensitive data from Orion's infrastructure
The Secret feature puts you in the loop for anything that matters. You -- and only you -- can greenlight actions with real consequences.
Zero-Knowledge: We Literally Can't Leak What We Don't Have
Your Secret is completely unknown to Orion. That makes traditional attack vectors pointless:
- No Database Exposure: Your Secret isn't stored in our databases, so database breaches cannot reveal it
- No Server Logs: We never log your Secret, making log analysis attacks ineffective
- Injection-Proof: Prompt injection attacks cannot extract what Orion doesn't have
- API Security: Even if our APIs are compromised, attackers cannot retrieve your Secret
- Employee Protection: Orion employees have no access to your Secret, eliminating insider threats
When the being needs your Secret, it asks. Verification happens through a secure, ephemeral tool that never persists the value. Maximum security, zero friction.
Frequently Asked Questions
What if I forget my Secret?
No stress. Reset it anytime in Dashboard Settings. You just need to be logged in.
Can I skip setting up a Secret?
Technically, yes. But we really recommend it. Without a Secret, beings won't be able to perform certain sensitive actions on your behalf. It's a small step for a big safety net.
How is my Secret stored?
It's not. That's the whole point. We use zero-knowledge architecture -- your Secret remains completely unknown to us. Only a cryptographic hash is stored, never the Secret itself. This means:
- Orion cannot retrieve or view your Secret
- Your Secret is never transmitted to our servers in plain text
- Hackers cannot extract your Secret even if they breach our systems
- The verification process is ephemeral and leaves no trace
Maximum security, and beings can still verify your identity when needed through the secure verification tool. Best of both worlds.
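The sketch below shows hash-only storage and the gate described under "The Verification Flow". It is an added illustration, not Orion's code. The page does not name the hash, so salted PBKDF2-HMAC-SHA256 is an assumption, as are the action names and the `prompt_for_secret` callback.

```python
import hashlib
import hmac
import secrets
import unicodedata

MAX_SECRET_CHARS = 10          # limit stated on the page
PBKDF2_ITERATIONS = 600_000    # assumption: the page does not name a hash or KDF
# Hypothetical action names standing in for the "sensitive" categories listed above.
SENSITIVE_ACTIONS = {"transfer_funds", "delete_files", "change_security_settings"}


def _derive(secret: str, salt: bytes) -> bytes:
    # Normalise so the same passphrase typed on different keyboards matches.
    data = unicodedata.normalize("NFKC", secret).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ITERATIONS)


def enroll(secret: str) -> dict:
    """Return the only record kept server-side: salt + derived key, never the Secret."""
    if not 1 <= len(secret) <= MAX_SECRET_CHARS:
        raise ValueError("Secret must be 1 to 10 characters")
    salt = secrets.token_bytes(16)   # per-user random salt
    return {"salt": salt, "hash": _derive(secret, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Recompute the hash for the candidate and compare in constant time."""
    if not 1 <= len(candidate) <= MAX_SECRET_CHARS:
        return False
    return hmac.compare_digest(record["hash"], _derive(candidate, record["salt"]))


def run_action(action: str, record: dict, prompt_for_secret) -> str:
    """Gate: a sensitive action proceeds only after a fresh, successful verification."""
    if action not in SENSITIVE_ACTIONS:
        return "executed"            # everyday tasks never trigger the prompt
    candidate = prompt_for_secret()  # the being asks; the value is never logged
    ok = verify(record, candidate)
    del candidate                    # drop the local reference once checked
    return "executed" if ok else "denied"
```

Because the Secret is at most 10 characters, the salt and the slow key-derivation function carry real weight here: a fast, unsalted hash of so short a value would be cheap to guess offline if the stored record ever leaked.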
Will beings bug me for my Secret constantly?
Nope. Only when doing something classified as sensitive or restricted. Everyday tasks and regular questions won't trigger it. You'll barely notice it's there -- until it saves you.