Clear saved accounts

[tijno]

Users should be able to clear the logins saved in Identity & wipe localStorage.

Especially when using on a shared computer.

I added a PoC - let me know if you would like me to PR this.

[maebeam]

Thanks for the suggestion. We will need to implement a log out flow for an individual account whereby a user verifies they know their seed phrase before clearing their accounts.

[tijno]

Ok so rather than have 1 "clear all" button, have individual buttons that show a "do you know or have safely stored your seedphrase for this account?" confirmation popup before clearing.

[maebeam]

Yes indeed

[maebeam]

We should ask them to either type in their seed phrase or type in "skip"

[maebeam]

There could be an option to sign out of all accounts that would require them to type something longer like "i understand log me out"

[metaspartan]

Yea maybe even just secondary confirmation and just use clear()

Any thoughts on encrypting all data stored in local storage for additional security?

[tijno]

@maebeam would it be ok just to have a single button to remove all, using the same step1 step2 approach as the sign-up component for confirmation with a i understand log me out confirmation text ? So not have removal of individual profiles.

@carsenk probably best to create separate issue for encrypting all data to discuss a change to do that? That way they can agree its worth working on before you spend time on it?

I have a feeling it may be a conscious decision why they haven't encrypted all data so would be good to get that background info.

[maebeam]

@tijno i'm ok with a flow that signs out of all accounts if the user types some text a la sign up flow

@carsenk if you'd like to propose this please open a new issue. however, i don't see what benefits we would get from encrypting the data in local storage. what would it be encrypted with?

[metaspartan]

@tijno i'm ok with a flow that signs out of all accounts if the user types some text a la sign up flow

@carsenk if you'd like to propose this please open a new issue. however, i don't see what benefits we would get from encrypting the data in local storage. what would it be encrypted with?

Pubkey data maybe I was thinking, but yea really kind of just pointless, nevermind 👍

[tijno]

@maebeam please check copy & flow below

ones happy with that side I will finalise and submit at PR

copy in confirmation screen:

Wipe Login Data

Confirming this step will remove your login data from your browser. If you use a seedphrase to login to your account, make sure you have recorded this securely.

Enter "i understand log me out" to confirm you really want to wipe your login data!

By proceeding, you agree that you will need to re-enter your seed phrase on login to access your account.

[maebeam]

Looks close enough! Open up a PR and I can push a tweak to your branch if need be. Thanks for doing this tijn!

[tijno]

pr #39
closing issue