Saving encrypted passcode locally? #170

Open
nkongsuwan opened this issue Apr 29, 2024 · 2 comments


@nkongsuwan
Collaborator

nkongsuwan commented Apr 29, 2024

If I understand correctly, the signify browser extension does not store Signify passcodes and requires the users to reenter their passcodes every time they open new browser instances. My impression is that it is going to provide a bad user experience. Could the extension perhaps encrypt the passcode using a human-memorable password and store it locally in a similar manner to, e.g., Metamask?

This seems to be a security-convenience tradeoff. I am interested in learning how to significantly improve UX with minimal sacrifice to security.

@rodolfomiranda
Collaborator

The passcode needs to be reentered not only in a new browser extension but also after a timeout period of inactivity.

A different approach to avoid the "responsibility" of storing passwords is to use password managers.

@nkongsuwan
Collaborator Author

nkongsuwan commented May 1, 2024

I think most people do not have password managers. I imagine that if the browser extension gets substantial adoption, most users will store their Signify passcodes on their note-taking applications such as Notes on iOS which is synched with iCloud. These note-taking applications may be protected by weak passwords and potentially introduce an attack surface.

Could it be that shifting the responsibility to the users may cause the ecosystem to be less secure? I am interested in hearing your thoughts on this.
