Better Protect Secret Key #17

Closed
julien731 opened this issue Oct 15, 2015 · 3 comments

@julien731
Owner

The secret key should not be displayed in clear text (security reasons). Instead, it should be retrieved by either:

  • Asking the user to re-enter his password and ask for confirmation that the current network is safe
  • Sending an e-mail to the user

@christophwolff

+1

@julien731
Owner Author

julien731 commented Jul 31, 2016

After thinking about this issue, I don't see a case where a non-advanced user would need his secret key. Any advanced user would be able to retrieve it from the database. Consequently, the secret key should be removed from the user edit screen.

However, this means other changes have to be made in the overall activation process. As of now, a user can click "Generate Secret", which makes sense as the user then sees the secret key. If no key is displayed, though, this makes a lot less sense.

From the user perspective, 2FA activation and secret key generation should be one and only one thing. See #28 for more details.

@julien731
Owner Author

With #31 the secret key will now be removed from the dashboard.
