-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Saving encrypted passcode locally? #170
Comments
The passcode needs to be reenter not only in new browser extension but also after a timeout period of inactivity. A different approach to avoid the "responsibility" of storing passwords is to use password managers |
I think most people do not have password managers. I imagine that if the browser extension gets substantial adoption, most users will store their Signify passcodes on their note-taking applications such as Notes on iOS which is synched with iCloud. These note-taking applications may be protected by weak passwords and potentially introduce an attack surface. Could it be that shifting the responsibility to the users may cause the ecosystem to be less secure? I am interested in hearing your thoughts on this. |
If I understand correctly, the signify browser extension does not store Signify passcodes and requires the users to reenter their passcodes every time they opens new browser instances. My impression is that it is going to provide a bad user experience. Could the extension perhaps encrypt the passcode using a human-memorable password and store it locally in a similar manner to, e.g., Metamask?
This seems to be a security-convenience tradeoff. I am interested in learning how to significantly improve UX with minimal sacrifice to security.
The text was updated successfully, but these errors were encountered: