> including a system for using friends/family to certify recovery in the event of password loss
Having friends and family take ownership of partial secret keys is a non-starter. Few people would actually go to the lengths of distributing fractional secrets to their friends and family. Even fewer people would do a good job of not losing them over the years.
Outside of techie circles, account recovery is a relatively frequent occurrence. The majority of general public customers would prefer being able to recover their account even if it means a vanishingly small chance that the FBI would be able to access it in the event of an investigation.
> Few people would actually go to the lengths of distributing fractional secrets to their friends and family. Even fewer people would do a good job of not losing them over the years.
I feel like this is all a solvable UX problem. The secrets could be automatically distributed and stored on friends/family devices, could be integrated into iMessage directly. "Choose friends you trust to help you recover data." If N of your M designated friends and family still have access to their phone when you need to recover your backup then you can get access, maybe by presenting a QR code on each device you can scan, or a notification you can interact with after confirming identity via a phone call or something.
The secrets wouldn't require any actions to keep intact, they could always be synced into iMessage and included in your own backups. Kind of like you're operating a RAID array across your friends and family, N+X redundancy, so long as no more than X of your group needs recovery at the same time you're good.
Kind of an interesting approach actually, would be neat to build this into Matrix as an experiment.
There was a recent HN about a better way to protect bitcoin wallets that was like this.
I think the idea was, we already have multisig, where it takes M of N parties to perform a transaction. But that's no good for individuals' everyday transactions.
But why can't M of N just be used to perform one special kind of transaction, which is "reset my password"?
And it doesn't have to actually be other people. If you don't have any friends you want to trust, the other M of N parts could all be other things of your own. Other devices, thumb drives, hardware keys, printed QR codes, memorized phrases, etc. Maybe some inconvenient to access but they exist if things get bad enough.
It seems perfectly doable, and the only reason the Apples and Googles of the world aren't doing it, or at least working on it, is because they're choosing not to.
Another comment actually said that Apple were working on this and even had it largely worked out, and it was actively killed.
There seems to be no fundamental technical or user problem making good user security impossible. Simply too many powerful entities for their different reasons don't want most people to have it.
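The M-of-N recovery scheme sketched in the two comments above (a backup key split across friends' devices, hardware keys, printed codes, any threshold of which can restore it) maps directly onto Shamir secret sharing. The following is an added illustration, not code from any commenter or from Apple/Matrix: the holder names and the 127-bit prime field are constructed assumptions, and a real deployment would still need authenticated share delivery and a way to verify shares before trusting them.

```python
import secrets

# Field modulus, a constructed choice large enough to hold a 128-bit backup key.
# 2**127 - 1 is a Mersenne prime, so arithmetic below is over a finite field.
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x):
    # Horner evaluation of a polynomial (constant term first) at x, mod PRIME.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, holders):
    """Split an integer secret into one share per holder.

    Any `threshold` shares reconstruct it; fewer reveal nothing about it,
    because the secret is the constant term of a random degree-(threshold-1)
    polynomial and the other coefficients are uniformly random field elements.
    Returns {holder_name: (x, y)}; x is the share index, never 0.
    """
    if not 1 <= threshold <= len(holders) or not 0 <= secret < PRIME:
        raise ValueError("bad threshold or secret out of field range")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return {name: (i, _eval_poly(coeffs, i)) for i, name in enumerate(holders, start=1)}


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x=0 from a list of (x, y) shares.

    Caller must supply at least `threshold` distinct shares: with fewer, the
    result is a uniformly random wrong value, not an error, so a recovery UI
    should verify the restored key (e.g. by decrypting a known test blob).
    """
    result = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        result = (result + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return result
```

With three-of-five sharing, losing two holders (a friend who changed phones and a misplaced USB stick) still leaves enough to restore the key, while any two shares alone are useless to whoever obtains them.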