
[SecureLogin App] Remove the "Legacy Password Generator"? #37

Open
steph643 opened this issue Jul 18, 2017 · 9 comments
Comments

steph643 commented Jul 18, 2017

The "Legacy Password Generator" just makes SecureLogin even more difficult to understand. Is it really useful?

My understanding is that the user email serves no purpose in your system. Why not remove it?
Asking for the user's email has the following drawbacks:

  • More complex UI
  • End users will think you'll use their email for some dark purpose
  • Cryptographic experts will say that using a piece of public data to generate a secret is a weak spot

I know you use the email as a profile name. See below.

Understanding what "profile" is about is difficult. It is just a character string to identify the active password, isn't it? I suggest you:

  • Forget about the term "profile"
  • Replace it with the notion of "active password" and "password label"

@andrewda (Contributor)

Wait this seems like two issues. I agree with removing the Legacy Password Generator, but as for removing the email, that definitely requires its own issue and a lot more discussion.

steph643 commented Jul 18, 2017

Wow, you're fast. I updated my initial post to add yet another point :-)

@andrewda (Contributor)

For the third point, I think "profile" is an easier term for a general user to understand. Having multiple profiles seems more intuitive than having multiple passwords ("wait, are these multiple passwords for the same account? or are they different accounts?").

@steph643 (Author)

Not very convincing, as, in your sentence, I can replace "passwords" with "profiles" and the problem sort of remains: "wait, are these multiple profiles for the same account? or are they different accounts?"
It's very tough to understand and you'll get people lost.
Maybe you should remove multiple profiles/passwords altogether and replace this notion by several instances of the SecureLogin app and a "choose app icon" menu (just like people using several DropboxPortableAHK instances on the same computer).

@andrewda (Contributor)

I see what you mean. Also, I do really like the idea of making an easier-to-understand menu for switching profiles/accounts/password! @homakov what do you think about the terminology we should use?

homakov commented Jul 18, 2017

  1. Was it difficult for you to understand, or do you think it would be for the average user? You probably realize it's just a tiny unrelated utility to generate a pw based on a string like a domain name (for people who are grossed out by installing a full-blown pw manager).

I don't think it's necessary. Probably removing it is a good idea, but on the other hand, while legacy passwords are everywhere, why not have a simple pw generator in our authenticator app that (for now) is kind of useless?

2-3. A profile is basically the root, which is the result of scrypt. The email is stored along with the root and offered to websites as a communication channel.

Generating a root without the email, i.e. scrypt(pw), would be a bad idea because of global bruteforce, not targeted.

Removing profiles = you can't create another identity. Having multiple instances is an issue for power users; I would freak out if some app cloned itself for another account.

Another word that could be used is "identities". 1 identity can access 1 account on many services. A user may have different identities with different emails for OPSEC. Using the word "password" is strange because the password is merely a seed for the root hash, and is never stored or shared in its canonical plaintext form.

@andrewda (Contributor)

Yea, "identity" sounds good to me.

steph643 commented Jul 18, 2017

> Was it difficult for you to understand, or do you think it would be for the average user?

It was difficult for me. For a moment I thought it was an "identification form auto-fill" feature, like in some password managers. I think it will be even more difficult for average users, especially if it appears on top of the app's main window.

> A profile is basically the root, which is the result of scrypt. The email is stored along with the root and offered to websites as a communication channel. Generating a root without the email, i.e. scrypt(pw), would be a bad idea because of global bruteforce, not targeted.

I don't have enough understanding to get your point. All I can say is that removing the email would make the whole thing so much cleaner...

> Removing profiles = you can't create another identity. Having multiple instances is an issue for power users; I would freak out if some app cloned itself for another account.

Do you have a compelling use case for multiple passwords/profiles/identities? Can't you just remove this feature altogether, at least for now? This feature is very abstract. If you really can't remove it, I suggest you bury it behind an "Advanced" or "Expert" button.

> Using the word "password" is strange because the password is merely a seed for the root hash, and is never stored or shared in its canonical plaintext form.

Users don't care about that! Let them believe this password is used to access their web sites!

homakov commented Jul 18, 2017

You are right that I, personally, don't plan on using more than one identity. But some people expressed a need for privacy in other issues, and another profile is the best way to get privacy.

Removing profiles would make it a bit easier, but looking at the main screen is not how the app is intended to be used. We will add extra tooltips about what profiles are.
