Update 14 October, 2021

Can confirm the same, no need to renew.

When I get a bit of time I’ll set up a thread to tease out the idea

  • identify the best free tier cloud offering
  • is that enough to bootstrap a free test net, or if not, can that be done by 2 or more free accounts
  • can someone in the community adapt sn_testnet_tool to work with the chosen provider without distracting the maidsafe team (maybe with @chriso support :slightly_smiling_face:)

This in parallel to your great effort @Josh, just trying to see if a free path is viable :wink:

5 Likes

90% of work is done?

Yup that :+1:

8 Likes

Mav has explained the main part of the solution, which isn’t too far off what you are envisioning. The underlying system does indeed have a single ‘root secret key’ at its heart, and the user recreates this to gain access to their data. But there are a few other important parts to the picture here from a security POV:

  1. This key cannot be created, or recreated, from a password alone, as this leaves the user wide open to ‘brain wallet’ style attacks.
  2. The method to recreate the root secret key, and access to data, must not rely on any publicly known component, such as a username, as this then allows the targeting of specific individuals.
  3. The system needs to be, to a reasonable degree, tolerant of password loss. Because people forget their passwords all the time. Losing a password, when all you have is a single password—with no way to recreate or reset it—means a catastrophic loss of data, and all the pain that goes with that.

I’ll go into more detail in the coming weeks on the UX of the full proposal, but in brief:

The initial act of creating a new set of Safe credentials—the key set that allows the user to recreate their root secret key—involves the user choosing a password (something that they know) and also having a strong passphrase generated for them (something they have). This is the most basic 2-of-2 style setup, which provides a strong set of credentials for their data on and off the network.

But it’s not yet resilient against loss (because if I lose either of those elements I’m stuck), and not super convenient to use (because even though we can make entering the passphrase pretty slick, it’s still a bit time-consuming).

So, the user can generate additional passphrases to act as backups, and store them in different locations, and they can also use a device they trust, like their phone, as additional ‘device keys’; that way they can avoid having to enter a passphrase each time.

This can then move them from a strong but somewhat more precarious 2-of-2, to a more flexible and resilient k-of-n system of their choosing.

So if they forget their password, they could regain access via, say, a backup passphrase and device key(s). Likewise they could kill access via devices they no longer trust, or they can build a system they could travel across borders with, requiring no hardware at all.

I look forward to sharing some pixels and explaining more about the concept soon!

22 Likes

It would be great not having any password at all. For example if you wanted a login where you need two keyshares to login you could have a mobile app that stores one keyshare, in Apple Keychain in iOS for example, then the keyshare would be unlocked with face/touch id or a pin. The other keyshare could be on a computer or some hardware key. Then on your computer you’d just click login and unlock the keyshare with a pin, a notification would pop up on the phone to confirm and then you’d be in.

7 Likes

Yeah, what you are describing is what these ‘device keys’ will enable. If you wanted to you could set them up like that, using biometrics on devices you trust to protect these keyshares, and make for speedy access.

But you would still be wise to set up both a password, and have backup phrases, in case you wanted to use a shared computer, or if you lost trust in (or lost physical access to) your devices.

It’ll be pretty flexible I think.

9 Likes

Looking forward to it!

And great to hear that the testnets are of help in your work. I think many here - or me at least - have strayed off from thinking of the testnets as a testnet, expecting them to be demonets. Showpieces instead of tools, so to speak. But good to get that tool back in the toolset again.

About the CI, why is it that almost always some tests are passing in some operating systems, but not others? Just a curious layman wondering here. (You know, the year is 2021, that is The Future + 21 years for God’s sake, and every morning I am waiting for a talking robot to make a breakfast for me, but no…) I mean, how difficult can it be to make some code to translate automagically to every OS out there?

6 Likes

It has to do with many issues, network stacks, block sizes, stack sizes and more. The kernels of these OSes are different and they all make different decisions on many things like the number of open file handles (that was a showstopper for using TCP) and more. Like getting web apps to work in all browsers it’s just a PITA at times. However a load of the work has been to reduce use of open files and better RAM utilisation, however, even the polling mechanisms for threads are also a challenge as some are sync and some async. So to get the best of each means finding that sweet spot, or have different code paths for each OS which we try and avoid as much as possible.

10 Likes

Thanks for your explanation, but unfortunately it was way above my layman’s head :grinning:

Layman would expect that all those things you mentioned would be somehow mapped somewhere, and some clever engineer would have made some kind of open source translator, that can take those things into account. Or at least some kind of warning system that would pre-emptively raise a flag when someone writes a code, that “Hey, you know, this works on Win and Mac, but not Linux.”

But I know you would be using such a tool if only it existed, so this is just ranting and rolling my eyes for the way things are not. It’s just that as a kid I thought that video calls are something extremely futuristic and now it’s just an everyday event and the device in my pocket is able to do all kinds of magic I never even dreamed of. There is this weird async in the technological development, so that in some areas it is so much more than expected, and in other areas surprisingly clumsy. I guess here it is because you are working on the very roots of it all.

2 Likes

Your example would be closer to reality if you said “Hey, you know, this works on Linux and Mac, but not Win.”

8 Likes

I know what you mean, but check this out: https://github.com/maidsafe/safe_network/actions/runs/1345418556
Ubuntu is the one not passing. It seems to me that there is really no rule to how it goes in these tests.

That just looks like a simple path error where files are not where it expects.

3 Likes

Well yeah, when we get any more in the flesh of it all, I am lost. :upside_down_face:

I have just been noting that almost every test is failing in one system or another, without any self-evident pattern, and assuming that if it is something simple, it would be solved. But I have also been noting that PRs are merged even if some tests are failing, so I don’t really know what is the significance of those tests. :man_shrugging:

Edit: Oh, and what files are those that are not in the right place? Some files that the tests tried to store in the testnet?

Reminds me of a race condition.

1 Like

Thanks Josh.

I left a comment on the PR. It would be great if we could maybe have a try at providing the ssh keys with some automation rather than just documenting it. Have left some more details in the PR.

Feel free to ask questions in the testnet tool thread.

Cheers,

Chris

7 Likes

Great to hear that cli and api are now merged! I’m not sure if there is still a need for CLI GUI but this definitely helps in making it more stable for the general user.

8 Likes

Individuals can be targeted no matter what though.

Do you mean that usernames won’t be used to login to accounts? I’ve always felt that requiring a username is pointless if you have an acceptable password (which could easily incorporate one’s usual username too).

This is true. If you hash a password and use that as a location name (username) then it’s as secure as your password, as the hash is not reversible. However the username allows change of password, but again that’s also doable with NRS and the like where the reserved name can change owner. So Safe is a bit different and should be IMO.

2 Likes

I have a very basic Kubernetes setup running on my local machine right now and am about to feed it some logs from a local baby-fleming.
Then I’m going to attempt to add to the cluster and see what security issues arise. All going well I’d like to discuss how that could best be hosted on the existing DO droplets. Remembering of course that this has to integrate with your CI/CD pipeline.

5 Likes

Cool, sounds like you’re making good progress. Let’s continue discussion about it in the testnet tool thread.

1 Like