Great discussion. The worry I have with any stored key file is that I suspect many of the users resetting their passwords no longer have the old hardware. Their old one died. They bought a new one. Signed in to their cloud accounts, and treated Firefox like any other cloud-based account. Maybe another question is: Of the users who are resetting their passwords, how many have zero devices currently connected to Sync?

On Mon, Aug 22, 2016 at 9:47 PM, Richard Newman <[email protected]> wrote:
> My suspicion is that non-tech users do one of these things:
>
> 1. Blame themselves if they can't remember the answers. They remember
> going through the process… gosh darn my bad memory, I'm just not good with
> computers.
> 2. Get the answers right (at least after trying different capitalization),
> because they choose a question they know the answer to for each option.
> Their favorite teacher or pet's name doesn't change. That's the motivation
> for using memorable questions, despite the obvious weaknesses.
> 3. Write the answers down and put them in the fire safe/Keychain
> notes/Excel spreadsheet. This is actually a pretty decent security
> tradeoff, and the process (particularly for FileVault!) strongly reinforces
> that you can't screw this up. Similarly, it gives you a key to write down
> and put in a safe place. I could find mine if I really looked for it, I
> guess.
>
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev

