[SecureLogin App] Remove the "Legacy Password Generator"? #37
Comments
Wait, this seems like two issues. I agree with removing the Legacy Password Generator, but as for removing the email, that definitely requires its own issue and a lot more discussion.
Wow, you're fast. I updated my initial post to add yet another point :-)
For the third point, I think "profile" is an easier term for a general user to understand. Having multiple profiles seems more intuitive than having multiple passwords ("wait, are these multiple passwords for the same account? or are they different accounts?").
Not very convincing, as, in your sentence, I can replace "passwords" by "profile" and the problem sort of remains: "wait, are these multiple profiles for the same account? or are they different accounts?"
I see what you mean. Also, I do really like the idea of making an easier-to-understand menu for switching profiles/accounts/password! @homakov what do you think about the terminology we should use?
I don't think it's necessary. Probably removing it is a good idea, but on the other hand, while legacy passwords are everywhere, why not have a simple pw generator in our authenticator app that (for now) is kind of useless? 2-3. Profile is basically the root, which is the result of scrypt. Email is stored along with the root and offered to websites as a communication channel. Generating a root without email, i.e. scrypt(pw), would be a bad idea because of global bruteforce, not targeted. Removing profiles = you can't create another identity. Having multiple instances is an issue to power users, I would freak out if some app cloned itself for another account. Another word that could be used is identities. 1 identity can access 1 account on many services. User may have different identities with different emails for OPSEC. Using the word "password" is strange because the password is merely a seed for the root hash, and is never stored or shared in its canonical plaintext form.
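Added example (not part of the thread, and not SecureLogin's code): the comment above says that deriving the root as scrypt(pw) without the email would permit a global rather than targeted brute force. The Python sketch below counts scrypt evaluations for both designs, assuming the email acts as the scrypt salt; the cost parameters, accounts and guess list are constructed for illustration.

```python
import hashlib

# Assumed, deliberately small scrypt parameters so the example runs fast;
# these are not SecureLogin's real settings.
N, R, P, DKLEN = 2**10, 8, 1, 32

def derive_root(password: str, email: str = "") -> bytes:
    """root = scrypt(password, salt=email). With no email, a constant
    one-byte salt stands in for the unsalted scrypt(pw) design."""
    salt = email.encode() or b"\x00"
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)

def enroll(accounts: dict, salted: bool) -> dict:
    """Map email -> root for every constructed account."""
    return {e: derive_root(pw, e if salted else "") for e, pw in accounts.items()}

def kdf_calls_to_test(guesses, roots: dict, salted: bool):
    """Return (scrypt evaluations, matched emails) for checking every
    guess against every stored root."""
    calls, matched = 0, set()
    if salted:
        # The email is part of the input: each (guess, user) pair costs one scrypt run.
        for email, root in roots.items():
            for guess in guesses:
                calls += 1
                if derive_root(guess, email) == root:
                    matched.add(email)
    else:
        # No per-user input: one scrypt run per guess covers all users at once.
        index = {}
        for email, root in roots.items():
            index.setdefault(root, set()).add(email)
        for guess in guesses:
            calls += 1
            matched |= index.get(derive_root(guess), set())
    return calls, matched

# Constructed sample data: two users happen to share a password.
ACCOUNTS = {"alice@example.com": "correct horse battery",
            "bob@example.com": "hunter2",
            "carol@example.com": "hunter2"}
GUESSES = ["123456", "hunter2", "letmein"]

if __name__ == "__main__":
    for salted in (False, True):
        calls, hit = kdf_calls_to_test(GUESSES, enroll(ACCOUNTS, salted), salted)
        print(f"email in derivation={salted}: {calls} scrypt calls, matched {sorted(hit)}")
```

Without the email, the work is independent of the number of users and identical passwords yield identical roots; with it, the work grows with users times guesses and the two shared-password roots differ.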
Yea, "identity" sounds good to me.
It was difficult for me. For a moment I thought it was an "identification form auto-fill" feature, like in some password managers. I think it will be even more difficult for average users, especially if it appears on top of the app main window.
I don't have enough understanding to get your point. All I can say is that removing the email would make the whole thing so much cleaner...
Do you have a compelling use case for multiple passwords/profiles/identities? Can't you just remove this feature altogether, at least for now? This feature is very abstract. If you really can't remove it, I suggest you bury it behind an "Advanced" or "Expert" button.
That users don't care! Let them believe this password is used to access their web sites!
You are right that I, personally, don't plan on using more than one identity. But some people expressed a need for privacy in other issues, and another profile is the best way for privacy. Removing profiles would make it a bit easier, but looking at the main screen is not how the app is intended to be used. We will add extra tooltips about what profiles are.
The "Legacy Password Generator" just makes SecureLogin even more difficult to understand. Is it really useful?
My understanding is that user email serves no purpose in your system. Why not remove it?
Asking for user email has the following drawbacks:
I know you use the email as a profile name. See below.
Understanding what "profile" is about is difficult. It is just a character string to identify the active password, isn't it? I suggest you: