This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Suggestion for a new feature: secure Master Password recovery
Presently I am sure many 1P users are writing down their Master Password <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/skype_phone.png' class='bbc_emoticon' alt='(mp)' /> somewhere, worried they'd forget it. Yet it it likely they could have no access to the written MP at times of need (e.g. they could be traveling, they could forget where they wrote it down..), plus writing down the MP makes them more vulnerable.
I think a new optional feature allowing the users of 1P to recover their MP by answering to a series of questions would be most welcome, if well implemented. To ensure a high security standard, the Q&As would have to be written down entirely by the 1P user (no custom questions!), to recover the MP one would have to answer all questions correctly at the same time (and in no way he should be able to tell whether he answered a questions correctly without answering all questions correctly at the same time), and he should be able to write hints at what the answer should be (this increases security, as it allows for tougher questions).
An additional layer of security could be provided by the use of mTANs (mobile transaction authentication numbers, see
http://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_with_CAPTCHA_.28iTANplus.29 ),
which would require nothing written down on a piece of paper (which could be not accessible, lost, stolen etc).
I definitely would be happy to see this feature implemented, and I think many other 1P users would too.
I think a new optional feature allowing the users of 1P to recover their MP by answering to a series of questions would be most welcome, if well implemented. To ensure a high security standard, the Q&As would have to be written down entirely by the 1P user (no custom questions!), to recover the MP one would have to answer all questions correctly at the same time (and in no way he should be able to tell whether he answered a questions correctly without answering all questions correctly at the same time), and he should be able to write hints at what the answer should be (this increases security, as it allows for tougher questions).
An additional layer of security could be provided by the use of mTANs (mobile transaction authentication numbers, see
http://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_with_CAPTCHA_.28iTANplus.29 ),
which would require nothing written down on a piece of paper (which could be not accessible, lost, stolen etc).
I definitely would be happy to see this feature implemented, and I think many other 1P users would too.
Flag
0
Comments
-
That's a very interesting idea, and I'll be glad to pass it on to our developers for their consideration. The only concern is that any backdoor, or way to restore your master password, regardless of how well it's implemented can put your data at risk and that's really not something we want to do.
I'm not saying that we'll never have such a feature, but I just can't promise any timeframes for if or when it may be available.Flag 0