Streamlined Passphrase Management for Improved User Experience

[ferristocrat]

Background

What is the problem/pain point?

Many users find managing encryption passphrases for account security and data encryption challenging and would prefer these aspects to be managed automatically. The current requirement for direct user management of passphrases can lead to a negative experience, with risks of passphrase loss or account lockouts.

Who is impacted?

• Users who prefer a hassle-free and secure experience without the need to manually manage encryption passphrases.
• Customer support teams dealing with passphrase-related queries and issues.

What is the impact?

Manual passphrase management can lead to user frustration, increased support tickets, and security risks if users opt for simpler, less secure passphrase practices. An automated system would significantly enhance user satisfaction and security.

Why now?

With the increasing demand for user-friendly security solutions, automating passphrase management is key to providing an intuitive, secure experience.

Requirements

User Story

As a Storj user, I want an intuitive and secure system for managing encryption passphrases, giving me the choice to opt-in or opt-out easily, so that my experience is tailored to my security preferences and needs.

Acceptance Criteria

1. New users are onboarded with an automated passphrase management system by default, eliminating the need for manual passphrase setup.
2. Existing users are provided with a clear and straightforward option to opt-in to the new passphrase system
3. Users who prefer manual control over their passphrases have an easily accessible opt-out method.
4. Both in app and in documentation is comprehensive communication detailing the advantages and disadvantages of using or not using a manual passphrase.
5. Ensure robust security and encryption of user data, irrespective of the user’s choice regarding passphrase management.
6. User experience, especially in terms of ease of use and understanding of security implications, is enhanced through these changes.

Designs
See https://storj.github.io/vuetify-storj for the latest source of truth.

Success Metrics

1. Monitoring the percentage of new users adopting the automated passphrase system versus opting for manual passphrase management.
2. Reduction in support tickets related to passphrase setup and management.
3. Positive feedback from users regarding the clarity of information and ease of use concerning passphrase options.
4. No compromise in data security and encryption standards following the implementation of the new system.

Tasks

Beta Give feedback

1. Design doc: Add support for satellite-managed encryption passphrases storj#6620
   Design Doc needs discussion +2
   

[ferristocrat]

@ferristocrat - Add @boshevski designs to this

[AlexeyALeonov]

Why is the "simple management"="store your encryption phrase on our servers" should be default?
I would add a confirmation from the user, that they are understand, that they will remove their ownership of data, opting-in to STORE their PRIVATE KEYS ON OUR SERVERS.

[jggleeson]

We should make sure we add documentation to this to make sure it's clear what we do and don't do. We'll want to look at the E2E and SS encryption sections.

Also, we should look at the ToS to make sure the change is consistent with the ToS or identify if the ToS need to change. Als this impacts the Disclosures page.