Just a brief write-up on what the account secrets mean. Previously we had PIN, Keyword and Password. PIN (used as salt) and Keyword generated the location of login packet on the safe network and once that is fetched, PIN and Password decrypted the login packet. We thought asking the user to type all three was an overkill and went for only one secure Account password. Then internally we derived all three - for e.g. right now it’s done quickly as sha512 of the password and divide it into 3 parts. However this meant that this one password was to be considerably secure and now it seems that this is not very user friendly either, because many people are not very keen on choosing a long, complicated super secure password.
So we are going for a requirement of 2 user passwords. What this would mean is that each password need not be as complex as previously when there was only one. The 1st password will derive the location of account packet in the Network and the 2nd password will decrypt the packet, so ideally both should be secure but 2nd is more important than the first.
As usual, we will again derive the 3 internally and actually use those.