dicekeys / beta-program

Information for the DiceKeys beta

First impressions - beta #43

Open coldwell opened 3 years ago

coldwell commented 3 years ago

Unboxing: I was pleasantly surprised by the drawstring bag. Feels nice, well-labeled. I wonder if the dice packaging could be paper wrapped instead of plastic bag? I promptly dumped the dice in the bag, shook them, and poured them into the base of the case.

After getting the dice in place, it dawned on me that I didn't know what's next. Find an app? Go to a website? Only at this point did I refer back to the instructions online. It might've been nice to have a QR code or website somewhere on the packaging to indicate where to go next.

I played with scanning; the camera selection was a little bumpy, and it never stopped using the camera after I took a picture (this may be resolved by now... it's been a few days). It had no problem scanning my code.

Again, I thought "what now?". I saw the password selector at the bottom of the app and played with that. A password generator is great, but how do I store them? What about password managers I already have? How to load the key onto a hardware key? I love the dicekey hardware, but now that I have it, I am unsure how to really put it to use.

I have also been hesitant to commit to a code and lock the case. I think I would prefer the case have an option to open in case I need/want to change the code. I don't have a solid use case for this, so perhaps that's a more emotional than rational desire. Until I commit, it's a toy on my desk :)

MichaelKing1832 commented 3 years ago

I had a very similar impression. I'm currently working out the use cases, but the thing I keep coming back to is how often I will need to keep my DiceKeys handy to scan and generate one of the derived passphrases. That makes using (and opening) my DiceKeys as often as I need to enter a passphrase for any of those popular services.

I log in to my password manager every time I open my browser. Or possibly to unlock my desktop. DiceKeys is clearly a non-starter for daily use or more frequently for me.

Pairing it with a U2F/FIDO keyfob will likely be critical. I have several Yubikeys and they work well with existing LastPass 2FA token integration. I hope that can be added to DiceKeys and to be able to load the DiceKeys "key" into a 2FA token for daily use and the DiceKeys can be kept in a safe and retrieved only for recovery or adding/replacing a new token.

coldwell commented 3 years ago

> Pairing it with a U2F/FIDO keyfob will likely be critical.

IMO this is the primary use case. It actually enhances that use case, in that if I lose/break my fob, I can start over with my dicekey and a new fob and get back up and running. I'm anxious to get the accompanying SoloKey, so I can try out that scenario!

hmmmbacon commented 3 years ago

I'm up there with Coldwell. Not yet sure what the next step is. If the box locks and therefore the password cannot be changed, is it only for my password manager? If I have to use the same password on all sites, is that risky? I never use the same password twice right now, but have LastPass to handle it all. I have put together the box with the lid sideways so that it cannot lock but still stays together. But then, if I generate a new password for a site, how would I know what the previous password was and what site it was for? If I take a photo of the password, I would guess I would put it on my phone in a private note? Put it in the password manager? I love this idea, just not sure what is next. I already have a SoloKey but have not used it much as I also have YubiKey and it works with LastPass. Is there a way to generate the password with DiceKeys and somehow get it into the SoloKey? So many questions I have. LOL I'm very excited about this project and hope to really get into it soon. So far have just been messing around and seeing what happens. And trying to get my scanning perfected with the right angles, lighting, etc. so it goes faster.

dragon788 commented 3 years ago

I've been using LastPass for a long while and it is improving, but it has been YEARS and a lot of the features still don't work as smoothly as I'd hope, and it does weird crashy things on Android when using it via a personal profile against apps in a work profile, so I've been meaning to try out 1Password and with their new Privacy.com collaboration it seemed like as good a time to jump in as any.

It was really easy to generate a password and verify I was able to get the same password several times for the master password. Luckily for me I had chosen the option to save my "Emergency Kit" and saved out the password to an offline format, because just as I was getting ready to set up my 2FA in 1Password I managed to drop my DiceKeys before locking in the case...........

Without the ability to rescan the DiceKeys to get the master password I had to go to the backup I had thankfully JUST created, and then after I rerolled and LOCKED IN my DiceKeys, I updated my password to a new one, and THEN enabled 2FA and got my security key added. It really can't be stressed enough, either LOCK IN your DiceKeys before generating passwords, or take a photo or use a secure app like Signal or Keybase or Telegram to send yourself or somebody you REALLY trust an ENCRYPTED message with the password in case you are a klutz like me.

@hmmmbacon I believe it generates a different password for every site in the dropdowns, using a combination of the site name or URL and the "shared secret" that is the faces of the DiceKeys. There is a custom option that you can test with something like google.com and compare the password to goggle.com and it should be different.
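The behaviour described in the comment above, as an added example that is not part of the thread and is not the DiceKeys algorithm: one secret plus a site label yields a repeatable per-site password, a look-alike domain yields a different one, and a rerolled secret can no longer reproduce the old password. The seed strings, the `scheme` label and the use of scrypt are assumptions made for illustration.

```python
import hashlib

# Constructed stand-ins for the secret read from a set of dice. The real
# DiceKeys encoding is not shown on this page, so these strings are hypothetical.
SEED_LOCKED = "constructed-seed-from-locked-dice-0001"
SEED_REROLLED = "constructed-seed-after-reroll-0002"

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789-_")  # 64 symbols, so (byte & 63) selects without bias


def normalize_site(site: str) -> str:
    """Canonicalize the site label so 'Google.COM ' and 'google.com' match."""
    return site.strip().rstrip(".").lower()


def derive_password(seed: str, site: str, scheme: str = "v1", length: int = 20) -> str:
    """Derive a per-site password from one seed (assumed scheme, not DiceKeys')."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32")
    # The site and a scheme label go into the salt: changing either one
    # changes every output byte, so no password is shared between sites.
    salt = f"site-password/{scheme}/{normalize_site(site)}".encode()
    raw = hashlib.scrypt(seed.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return "".join(ALPHABET[b & 63] for b in raw[:length])


if __name__ == "__main__":
    for site in ("google.com", "goggle.com"):
        print(site, derive_password(SEED_LOCKED, site))
    # A different seed (dice dropped and rerolled) cannot recreate the old value.
    print("rerolled", derive_password(SEED_REROLLED, "google.com"))
    # A changed derivation scheme also changes the password for the same seed.
    print("new scheme", derive_password(SEED_LOCKED, "google.com", scheme="v2"))
```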

UppaJung commented 3 years ago

@dragon788, do remember that the passwords will change soon with an update to the app.


UppaJung commented 3 years ago

@coldwell We'll be including an instruction sheet with the DiceKeys after the beta. I'll be sending it out for feedback to the beta list -- likely in the coming week.

jeff3f commented 3 years ago

My experience too, "what to do next?" That includes github, because I'm a civilian and normally don't use github, I found this part of the beta by googling, and felt like either I wasn't told or else I did a poor job of reading my email!

Dice look nice, like dice; playing with the dice gives minimal wear and the printing survives mild fingernail scraping and grinding of dice together in fist (too many dice to hand throw but still it's how I handle dice).

The dice are smaller than I expected but that's fine as it's a lot of dice to have to roll and the dice are nice (good quality printing and do not look like a beta product).

I feel like it would be normal to play with them a bit before locking in a key, and the indentations in the bottom of the box facilitate this nicely. I strongly prefer for the tray to lock and not open again, because that's the only way to be sure the code is still there later on. Pouch looks nice, good quality silkscreen on the outside and good for dual purpose of rolling dice and storing key. While a plastic box might look like "junk", something in a nice fabric pouch with silkscreened printing will stand out (in a home safe) and while it is labeled, it's not labeled well enough for someone finding this to find out what it is (i.e., in the future when I pass on and my next of kin are going through my things).

As it is currently, on iOS the app isn't working, looks like it flips quickly between allowed and not allowed (iOS asks me to give the app permission to use the camera). This bug looks like it's been filed already. I was able to get a scan in an earlier iOS version, but I didn't do anything because I was busy photographing all the die faces because I was curious about the dot code on the faces (would be neat to have a short document explaining the dot encoding).