-
Notifications
You must be signed in to change notification settings - Fork 71
Account Recovery Feature
The Pixelated team started an implementation of account recovery based on various usability tests, target personas, and technical and security feasibility. Collaboration with both users and Leap members led us to design the approach detailed below.
Account Recovery Milestone: https://github.com/pixelated/pixelated-user-agent/milestone/4
In high level, the idea is that the user will set up a backup account, to which half of a recovery code will be sent to. The other half will be sent to the system administrators, with whom the user will have to contact to recover that account. These two codes will then function as a password, but the only possible action the user can complete with this process is to change the password.
Why did we choose to follow this approach?
- Splitting the code and sending it to different "trusted contacts" ensures the recovery code is not our weakest security breach
- We don't have to persist any other information from the user, since the backup email will be sent again every time the user asks for a new recovery code
- Though eventually this approach can be generalised for other users' setting up their own "trusted contacts", the system admin was an already existing trusted contact that we could count on for Pixelated installations
We separated this feature in two different flows: setting a backup account and recovering the account.
Steps:
- User adds backup email
- Soledad generates recovery code and encrypts the secret with the recovery code
- Pix User Agent sends this code to Bonafide to be saved in the Leap Webapp
- In case of success, User Agent send the recovery code to the user and admin accounts
- If the whole process is successful, we can now delete the old recovery code
Steps:
- User submits the parts of the recovery codes and the new password
- User Agent calls Leap Webapp through Bonafide to change password
- Soledad decrypts secret with recovery code and encrypts again with new password
- If successful, the User Agent logs in the user with the new password so the user can go to the their inbox