So say some idiot (not me obviously…) had forgotten their account secret, how would I, or they, get it back?
I believe if you (or some idiot) lose/forget your account secret it is not possible to recover it. Please correct me if this is not true.
As things stand you are stuffed, but this is obviously a problem that will need to be addressed, and has been discussed. For example, being able to nominate some trusted people who can ok your request to be re-authorised and reset your account.
Dang it, I/they were having a dabble with it a couple of weeks ago and came up with something to fit all of the ‘account secret’ rules (my/their typical account names were too short), but it has completely slipped my/their mind!
It’s not obvious that it must be addressed. Bitcoin private keys cannot be reset if you lose them. If I lose the $100 bill in my pocket, I don’t get a reset, nor if I lose my dog.
In the future I hope there are plans to use a hardware wallet to sign in. That way if the sign in key is ever lost, one could simply use a pass phrase generated by the hardware wallet to recall the sign in key.
It is in the plans somewhere
What about riddles and inside jokes? I’ve always found it annoying how companies want to ask me preset security questions, but the concept OF a security question makes sense. Better yet have the user create a riddle for themselves, or a couple of them. One they personally would know the answer to but an attacker would not. At some point you might even have an app writing these riddles for users. Input description of thing or event > Out pops personalized riddle. One could store the riddle and answer locally the same way one stores a question and answer but one could also answer it directly and it could be more complex than “What is your favorite food?” or something like that.
But your account is going to hold a lot more value than $100 - or at least it will for a lot of people - their data, and in time SafeCoin.
More difficult is the pass phrase from hardware wallet or other BIP 39 wallet. In that case you need to remember (store) not only two passwords as Safe but twelve or more words. By comparison with other crypto solutions, Safe, with only two passwords, is a great leap forward.
This reauthorisation can be a big hole in one of the basic pillars of the Safe security. In my opinion, hard to do and very dangerous.
It would be a matter of choice - you don’t have to set this up - so it isn’t dangerous to provide the ability to manage risk in different ways. You can choose to rely on keeping credentials secure in order to minimise the risk of losing your data & funds, or you can enable and setup a recovery system that reduces those risks, but introduces other potential risks.
Hard is what MaidSafe specialise in.
I may have more bitcoin than $100!!
My point is that there is certainly precedent for NOT introducing the complexity and security risk that attempting to implement an “account secret reset” would entail, so I am taking issue with the premise that this is something that obviously needs to happen. It’s not obvious.
Valid, but SAFEnetwork is a mass market product, which is why to me it is different (and I think obvious - ok, perhaps just to me). So do you think it is feasible for the general public not to have such a safeguard, and probably other options too?
Certainly it’s feasible. Will it lead to horror stories of lost data and coins on internet forums? Yes, it will. But those stories will still be there, no matter how many extra features you implement. I’m more concerned about stories of stolen data and coins that might result from opening up this hole.
It’s definitely a “nice to have”, I grant you. There may be compromises such as multi-sig, where you can create a separate secret and squirrel it away in a safe-deposit box. Then you need to lose two secrets to be locked out.
And this can be done outside of SAFE code (might use SAFE as storage) by giving each of your 12+ trusted friends one or two words each of your passphrase and you simply ring them and ask for the word(s).
If done right then no way anyone can reconstruct the passphrase from colluding with others you gave the passphrase to. Maybe if 6 of them did it might become possible to guess it after a while. So best to use friends that don’t know each other.
It’s most likely you will remember the passphrase you used after contacting one or two of your friends.
Use a phrase out of your will. Then only a few have a copy and they need to know both that you did and which phrase or combination thereof you used.
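For the scheme suggested a few posts up (handing each trusted friend one or two words of the passphrase), the following is an added sketch, not code from any poster or from MaidSafe, that estimates how much guessing work is left for a group of friends who pool their words. It assumes a BIP 39 style mnemonic (2048-word list, so 11 bits per word, with a checksum of one bit per three words); the friend names and the guess rate are constructed for illustration.

```python
BITS_PER_WORD = 11  # BIP 39 wordlist has 2048 = 2**11 entries


def deal_positions(n_words, friends):
    """Round-robin deal: friend i holds word positions i, i+len(friends), ..."""
    held = {f: [] for f in friends}
    for pos in range(n_words):
        held[friends[pos % len(friends)]].append(pos)
    return held


def remaining_bits(n_words, known_positions):
    """Approximate bits of search left for someone who knows these positions.

    Every missing word costs 11 bits; the mnemonic checksum lets the
    guesser discard invalid candidates, which removes n_words // 3 bits
    (4 bits for 12 words, 8 bits for 24 words) on average.
    """
    unknown = n_words - len(set(known_positions))
    if unknown == 0:
        return 0
    return BITS_PER_WORD * unknown - n_words // 3


def coalition_bits(held, coalition):
    """Bits of search left when the listed friends pool their words."""
    n_words = sum(len(p) for p in held.values())
    known = [pos for f in coalition for pos in held[f]]
    return remaining_bits(n_words, known)


def years_to_exhaust(bits, guesses_per_second):
    """Years to try every remaining candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    friends = [f"friend{i}" for i in range(1, 13)]  # constructed names
    held = deal_positions(12, friends)
    for k in (0, 3, 6, 9, 11):
        bits = coalition_bits(held, friends[:k])
        # 1e9 guesses per second is an assumed rate, not a measurement
        print(f"{k:2d} colluding: {bits:3d} bits left, "
              f"{years_to_exhaust(bits, 1e9):.3g} years")
```

Each handed-out word removes 11 bits outright, so unlike a threshold scheme there is no coalition size below which the pooled shares reveal nothing.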