> Today's Topics:
>
> 1. Re: Improving password reset (Sean McArthur)
> 2. Re: Imp
>
> Great discussion. The worry I have with any stored key file is that I
> suspect many of the users resetting their passwords no longer have the old
> hardware. Their old one died. They bought a new one. Signed in to their
> cloud accounts, and treated Firefox like any other cloud-based account.
>
Great discussion. The worry I have with any stored key file is that I
suspect many of the users resetting their passwords no longer have the old
hardware. Their old one died. They bought a new one. Signed in to their
cloud accounts, and treated Firefox like any other cloud-based account.
Maybe anoth
My suspicion is that non-tech users do one of these things:
1. Blame themselves if they can't remember the answers. They remember going
through the process… gosh darn my bad memory, I'm just not good with
computers.
2. Get the answers right (at least after trying different
capitalization), becaus
On Tue 23.Aug'16 at 10:48:28 +1000, Ryan Kelly wrote:
> On 23/08/2016 10:43, Richard Newman wrote:
> > Under the hood there would be a bunch of shamir's secret sharing and key
> > wrapping palaver to actually make things go.
> >
> > You mean like wrapping the user's kB with their own kA (p
I thought we all assumed 'security questions' are just security
vulnerabilities, and just fill them in with `crypto.randomBytes(64)`.
On Mon, Aug 22, 2016 at 5:59 PM Julien Vehent wrote:
> On Tue 23.Aug'16 at 10:48:28 +1000, Ryan Kelly wrote:
> > On 23/08/2016 10:43, Richard Newman wrote:
> > >
On 23/08/2016 10:43, Richard Newman wrote:
> Under the hood there would be a bunch of shamir's secret sharing and key
> wrapping palaver to actually make things go.
>
> You mean like wrapping the user's kB with their own kA (prove ownership
> of your account) plus your friend's kB (prove
>
> Under the hood there would be a bunch of shamir's secret sharing and key
> wrapping palaver to actually make things go.
>
You mean like wrapping the user's kB with their own kA (prove ownership of
your account) plus your friend's kB (prove non-resetness of their account)?
Yeah, that's a dance,
On 23/08/2016 09:56, Julien Vehent wrote:
> On Mon 22.Aug'16 at 14:43:42 -0700, Richard Newman wrote:
>> Another option is to build a key escrow service, similar to the one Apple
>> hosts for FileVault encryption keys.
>>
>> A key escrow service would instead wrap a copy of kB with additional crypt
On 23/08/2016 10:17, Richard Newman wrote:
> Maybe we could build an escrow service that's still in control of the user,
> for example by splitting the recovery key using shamir's secret sharing and
> assigning each part to a recovery step, with a threshold of 3 to
> rec
>
> Maybe we could build an escrow service that's still in control of the user,
> for example by splitting the recovery key using shamir's secret sharing and
> assigning each part to a recovery step, with a threshold of 3 to reconstruct
> the recovery key.
>
> That's hard to do in practice, but s
On Mon 22.Aug'16 at 14:43:42 -0700, Richard Newman wrote:
> Another option is to build a key escrow service, similar to the one Apple
> hosts for FileVault encryption keys.
>
> A key escrow service would instead wrap a copy of kB with additional crypto
> — print-and-save keys, a long series of que
Another little bit of history: we discussed having a 'slider' when you set
up Sync, either per-account or per-datatype:
* I prioritize recovery over security: keep my data if I reset my password
(use kA)
* I prioritize security over recovery (use kB)
* I prioritize security over convenience (use "
Hi deep Syncers,
Users forget passwords. We can’t stop this; but perhaps we can eliminate the
instances of single-device users resetting their passwords and destroying
potentially the only back-up they have of their bookmarks, passwords, etc.
Some questions I’m aiming to get answered:
How many