Open vLooz opened 9 years ago
andreis
commented
9 years ago I just fixed a typo in your message. Being a repo/org admin is funny. :laughing:
Sounds good, if @piggyslasher has time to implement this, great, otherwise let's throw it in the backlog.
vLooz
commented
9 years ago I think restricting users to only be able to mess up with the keys, when they are expert users, is quite important right now to avoid endless support tickets a la "my keys are gone, what do I do now?"
The rest is low-prio, I agree.
vviikk
commented
9 years ago +1 for the fact that we are not going to let a user delete his last private key. even an expert user. if they wants to delete thieir last key they will be taken to a shutdown your account page which would need his/her password.
vLooz
commented
9 years ago 'shutdown your account' could then be leading to this https://github.com/lavab/web/issues/286
I have some ideas about how to restructure settings, so that it's a bit more intuitive and provide more features:
_GENERAL
User Interface --> Hide "Language" or even whole "User Interface" until we have +1 languages.
Mail Behavior --> move to security settings
--> Add Expert Mode On/Off with info text: "The expert mode gives you deeper control over security settings, but it’s much easier to heavily mess things up. Only activate, if you know what happens, when you loose or delete your KeyPair and if you understand how Lavaboom Sync works."
In Expert mode, the user gets more access to crucial security settings; she is now able to delete and generate new KeyPairs, change their encryption passwords, disable LavaboomSync, activate Paranoid Mode (see more below)
_SECURITY
Change Password --> Add Info text „Beware! We can't set your password back! That's one reason why we are so secure. So, when you forget it, you loose access to your account forever. Only change your password, when necessary!"
Keys --> move to new section "Settings/Keys"
--> Add Paranoid Mode (more info here: https://github.com/lavab/web/issues/721) On/Off with info text: „If you require absolute privacy and security, and don’t care for decreased usability, then Paranoid mode is for you. You will need to backup and manually transfer your private key to any browser and device you want to use Lavaboom on."
When Paranoid Mode is activated, all security settings below are deactivated and greyed out. A pop up appears (are you sure?), explain the consequences, forces the user to backup the key pair and suggests to buy a UbiKey (link?) Important: When Paranoid Mode is deactivated again, the security settings go back to the state before.
Mail styling security --> Add info text about the reasons, external images are insecure etc (@andreis?) Allow External Images Allow Styling (exchange dropdown by toggle switch)
Lavaboom Key Sync --> Add Info text: „Lavaboom Sync encrypts your KeyPair with your Account Password to synchronize it between all your devices."
_KEYS
--> move KeysPair here --> add „Edit Keys“ button to the top right header - only appears in Expert mode!