
Well yeah they don’t offer any account recovery — that’s a sign the encryption might be trustworthy. It’s only a negative if you don’t care about that.



I myself thought no account recovery automatically meant safety. It sounds very cool. However, in the past week alone, around 10 users of Notesnook came asking for a way to recover their account because they had forgotten their password.

I mean, why should privacy be at such a huge risk to users' data?

For the tech-savvy, Notesnook offers account recovery by giving the user the option (actually kind of forcing) to save the encryption key someplace safe. Not ideal, of course, but better than nothing.


So they download the encryption key (unprotected so no password needed) as a file, and they keep the file safe? That's the kind of thing I've been thinking about for an idea of mine. What did those 10 users ask about? How to use the encryption key file?


No, what the recovery key actually was because it asked for it in the recovery UI.


I see. Were they able to restore access once you explained? Or had they not saved it somewhere safe? I'm trying to understand the communication requirements around such a feature.


For most of them it seemed unnecessary; people don't realize the meaning of client-side encryption. I try to keep explanations very short and to the point.

> had they not saved it somewhere safe?

I had to delete 2 user accounts because they hadn't saved the key at all. All others had saved and were able to recover access. However, most didn't even realize they had saved it until I asked them to check their phone storage. A normal user would do anything to get past dialogs and popups, including clicking on random buttons.


The problem with that sort of thing is that you now have one of two situations:

1. Either the key is only as secure as whatever random online service you have it backed up on (in which case, it might as well be stored at SN and save the user all kinds of headaches)

2. The key isn't backed up, and this won't be realized until the worst possible time.


1. That is up to the user. They can save it wherever they like: a secure online storage, a USB, a piece of paper...

2. True, but there are a couple of things you can do: i) regularly remind the user via email and in-app notification to back up their recovery key. ii) force the user to download/copy the recovery key on login/signup.

By force, I really do mean force. Don't let the user use the app until they click the download recovery key button.


Well, putting a couple of USB drives in a sock drawer, garden shed, etc. is pretty secure. Point 2 is the tricky one, as communicating that necessity seems challenging.


Unless your house burns down, or you get flooded out, etc.


Yes, that's why the garden shed or some other non-house location is good (leaving it with relatives in another city would be good too, and at work would be an option for some).



