Client: [web] Add some kind of multi factor login

Created on 17 Feb 2018 · 12 Comments · Source: keybase/client

Currently the website has a simple single factor login.

So after my password has been compromised one could go to the website and from there do at least the following:

  • Reset my account
  • Delete my account permanently

Both are very destructive actions.

I'd like it if there were some kind of second factor that involves confirming the login via at least one device (if available).


All 12 comments

This is a must.

GitHub and Slack are both doing this. Not that we should always follow their lead, but since Keybase does provide services similar to theirs, potential users will be looking for those features.

One would also hope that people are using an extremely strong passPHRASE and not a password.

I agree that we need better protection around account delete and reset. We will be fixing that shortly. However I don’t agree that two factor is the right play for this because people often need to reset precisely because they lost their password or second factor. Our current thinking is to change reset so it is on a delayed fuse, with email notifications. That way if someone knows your password but hasn’t owned you, you can cancel the reset via email. If someone had owned you it is hard for us to help. Still work in progress (and a super annoying problem!).

Another thing we might do btw is to allow users to say they never want their account deleted or reset. They could sign such a statement into their sigchain. I for one would do that.

On Sat, Feb 17, 2018 at 9:55 AM Robert Freeman-Day notifications@github.com wrote:

GitHub and Slack are both doing this. Not that we should always follow their lead, but since Keybase does provide services similar to theirs, potential users will be looking for those features.

One would also hope that people are using an extremely strong passPHRASE and not a password.


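The delayed-fuse reset and the signed never-reset statement described in the comment above, modelled as an added example (this is not Keybase's code); the seven-day delay, the hex cancel token and the Account type are assumptions made for the illustration:

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"time"
)
// ResetDelay is an assumed fuse length; the thread names no concrete delay.
const ResetDelay = 7 * 24 * time.Hour
var ErrNeverReset = errors.New("account signed a never-reset statement")
var ErrBadToken = errors.New("cancellation token does not match")
var ErrFuseRunning = errors.New("no reset pending or delay not yet elapsed")
// Account holds only the state this design needs (assumed shape).
type Account struct {
	NeverReset bool      // "never reset me" statement signed into the sigchain
	token      string    // cancel secret, known only to the mailbox owner
	fires      time.Time // zero when no reset is pending
}
// RequestReset arms the fuse at now and returns the cancel token that is e-mailed to the owner; the web session that asked never sees it.
func (a *Account) RequestReset(now time.Time) (string, error) {
	if a.NeverReset {
		return "", ErrNeverReset
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	a.token, a.fires = hex.EncodeToString(raw), now.Add(ResetDelay)
	return a.token, nil
}
// CancelReset disarms the fuse; with nothing pending no token matches.
func (a *Account) CancelReset(tok string) error {
	if a.token == "" || subtle.ConstantTimeCompare([]byte(tok), []byte(a.token)) != 1 {
		return ErrBadToken
	}
	a.token, a.fires = "", time.Time{}
	return nil
}
// ExecuteReset performs the reset only once an armed fuse has elapsed.
func (a *Account) ExecuteReset(now time.Time) error {
	if a.fires.IsZero() || now.Before(a.fires) {
		return ErrFuseRunning
	}
	a.token, a.fires = "", time.Time{}
	return nil
}
```

The cancel path only needs the mailed token, so a password thief who cannot read the owner's mailbox cannot outrun the fuse, while the owner who lost every device still gets a reset after the delay.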

YES YES YES YES YES!!!!

I don't want a nuclear switch on my account just because some normies don't know how to manage keys properly.

An alternative would be to give different devices different rights. It might be worthwhile to give a well backed-up paper key the possibility to reset the account but not the accounts in daily use.

But account reset only makes sense if a user loses all devices.

On Sun, Feb 18, 2018 at 6:53 AM Christian Kleineidam <[email protected]> wrote:

An alternative would be to give different devices different rights. It might be worthwhile to give a well backed-up paper key the possibility to reset the account but not the accounts in daily use.


I really like the opt-in nerfing of the web login.

Don’t let web do anything, I’ll sign anything to get that peace of mind.

The legacy web I guess needs to remain for legacy accounts as well as maybe a few convenience tools for people who can’t install keybase. (Encrypt and Verify, as well as downloading files from public kbfs)

But I want to make it so that even if you log into my web, you can’t really do anything. (Though iirc there are a few settings you can only modify via web login??? Is that still true? Those should be added to the client if so.)

I am very much for the option to use 2 factor. I either use a password manager to get into keybase or I type a password myself. In both cases someone could get the password - but with a 2nd factor they cannot. No 2 factor would actually rule out using keybase in public for me.

The option to disallow account reset sounds great!

IMHO, limiting what the malicious user can do once they have already gotten in sounds like a bad approach for security. Having a single password protecting your entire keybase account sounds illogical. 2FA is the minimum safety measure I think. Of course, if we could sign in using our PGP key, that would be much better.

Right now the only thing a malicious user could do with my password is delete my account or reset my keys... or change my email.

By disabling those things, they can’t do anything anymore.

Look at my pretty face, and queue up tons of proofs they can never sign..... I guess. lol

What about if the user uploaded a private key? Then he would be able to download it?

Also, the passphrase for the private key is the same as the login? If so, it's much worse.

On Mon, Mar 19, 2018 at 12:07 PM, Dabura667 notifications@github.com wrote:

Right now the only thing a malicious user could do with my password is delete my account or reset my keys... or change my email.

By disabling those things, they can’t do anything anymore.

Look at my pretty face, and queue up tons of proofs they can never sign..... I guess. lol


That is only for legacy users. Their "2FA" would be "stop uploading the private keys to our servers and use the device key system."

Of course, this is only after the options on the website are nerfed, and equivalents can only be accessed via clients.
