Make It Count edited this page Jan 4, 2020 · 2 revisions

Hi,

Creator of chaabi here. Writing down my thoughts behind the idea of chaabi.

First Principles

  1. We can create strong passwords any day.
  2. But we can't remember all of them all the time, so we do need electronic storage.
  3. We can't trust others' computers (e.g. online password managers) to store these secrets.
  4. Our devices can be stolen, confiscated, or have evil hidden programs on them.
  5. Securing ~100% with just a "password mechanism" (or even with 2FA/U2F) is not possible. Probably a better answer lies in behavioral authentication, but until we have adoption of better mechanisms, what can we do?

I must say, trying to find an answer to this problem is like going down a rabbit hole, but this is what we can do:

We can make it tough for attackers to get to our passwords, but that comes with a trade-off against our own user experience (e.g. create a password for your passwords, add 2FA, U2F and so on... get frustrated and go back to square one).

So the problem statement I would define is probably:

How can we make our own experience of remembering passwords better while keeping in mind the First Principles we defined?

A few answers that come to mind:

A. Train your brain. Create your own system of passwords that you can remember (e.g. mnemonic/patterns)

This can't be done, as per principle #2.

B. Create strong, complex passwords and store them locally on your device in encrypted form (Chaabi).

I believe B could be the sweet spot between security and the UX we need.

Now if you'll excuse me, I have a life outside "forgot password".