storj / roadmap

Storj Public Roadmap

Storj-Managed Passphrases #94

Open ferristocrat opened 1 year ago

ferristocrat commented 1 year ago

Background

What is the problem/pain point?

Many users find managing encryption passphrases for account security and data encryption challenging and would prefer these aspects to be managed automatically. The current requirement for direct user management of passphrases can lead to a negative experience, with risks of passphrase loss or account lockouts.

Who is impacted?

What is the impact?

Manual passphrase management can lead to user frustration, increased support tickets, and security risks if users opt for simpler, less secure passphrase practices. An automated system would significantly enhance user satisfaction and security.

Why now?

With the increasing demand for user-friendly security solutions, automating passphrase management is key to providing an intuitive, secure experience.

Requirements

User Story

As a Storj user, I want an intuitive and secure system for managing encryption passphrases, giving me the choice to opt-in or opt-out easily, so that my experience is tailored to my security preferences and needs.

Acceptance Criteria

  1. New users are onboarded with an automated passphrase management system by default, eliminating the need for manual passphrase setup.
  2. Existing users are provided with a clear and straightforward option to opt-in to the new passphrase system.
  3. Users who prefer manual control over their passphrases have an easily accessible opt-out method.
  4. Both in the app and in documentation, there is comprehensive communication detailing the advantages and disadvantages of using or not using a manual passphrase.
  5. Ensure robust security and encryption of user data, irrespective of the user’s choice regarding passphrase management.
  6. User experience, especially in terms of ease of use and understanding of security implications, is enhanced through these changes.

Designs

See https://storj.github.io/vuetify-storj for the latest source of truth.

Success Metrics

  1. Monitoring the percentage of new users adopting the automated passphrase system versus opting for manual passphrase management.
  2. Reduction in support tickets related to passphrase setup and management.
  3. Positive feedback from users regarding the clarity of information and ease of use concerning passphrase options.
  4. No compromise in data security and encryption standards following the implementation of the new system.

Tasks

- [ ] https://github.com/storj/storj/issues/6620

ferristocrat commented 10 months ago

@ferristocrat - Add @boshevski designs to this

AlexeyALeonov commented 10 months ago

Why should "simple management" = "store your encryption phrase on our servers" be the default? I would add a confirmation from the user that they understand that they will remove their ownership of data, opting in to STORE their PRIVATE KEYS ON OUR SERVERS.

jggleeson commented 8 months ago

We should make sure we add documentation to this to make sure it's clear what we do and don't do. We'll want to look at the E2E and SS encryption sections.

Also, we should look at the ToS to make sure the change is consistent with the ToS or identify if the ToS need to change. Also, this impacts the Disclosures page.

mobyvb commented 6 months ago

@AlexeyALeonov

> Why should "simple management" = "store your encryption phrase on our servers" be the default?

This was just an initial design. We discussed this with Tome, and decided to change the design so that no option is selected by default, and the user is required to explicitly select the option they want. Hopefully this is satisfactory.

mobyvb commented 6 months ago

@jggleeson

> We should make sure we add documentation to this to make sure it's clear what we do and don't do. We'll want to look at the E2E and SS encryption sections. Also, we should look at the ToS to make sure the change is consistent with the ToS or identify if the ToS need to change. Also, this impacts the Disclosures page.

Ticket created: https://github.com/storj/storj/issues/6980

boshevski commented 5 months ago

Seeking feedback on the new design concept for the encryption preference step in account onboarding (see screenshot).

Key points:

- Presents two options: Storj Managed Encryption (recommended) and Self-Managed Encryption
- Aims to communicate choices clearly and help users make informed decisions
- Balances simplicity and essential information

Please provide feedback on:

- Clarity and usability
- Visual appeal
- Copy effectiveness

Thanks for your input to help refine the design.

mobyvb commented 5 months ago

cc @AlexeyALeonov

iglesiasbrandon commented 3 months ago

Updating estimated completion sprint to 46; we are finishing up QA work on this feature.

iglesiasbrandon commented 2 months ago

Updated the estimated completion sprint to 49. We are finalizing some admin items to deploy to production.

shaupt131 commented 3 days ago

In progress.

Working on last-minute config changes. Exec team going to work on strategy for secret management during the offsite next week.

Updated estimated completion sprint to 53.