If you use a diverse range of strong passwords, it’s a near certainty that you’ll forget some of them (that is, unless you’re using a good password manager). For some people, this happens so often that hitting “Forgot your password?” becomes just another part of logging in. One study showed that the average American has been locked out of 10 accounts in the last month.

At Skiff, we’re building collaboration tools designed to eliminate the trade-off between privacy and usability that we all face when working and communicating online. So we don’t design for best-case scenarios or cyber-security experts. We use secure design patterns that anticipate the needs of real, busy, messy people - people who forget their passwords a lot.

Standard password-reset systems are fundamentally incompatible with an end-to-end-encrypted platform that puts people in control of their own data. So we needed to design a new one: a password-reset system that simultaneously respects real people’s needs and the privacy of their data. As with many things in secure software design, it wasn’t easy.

Cheating makes everything easy

While the details vary somewhat from one platform to another, the broad outline of how account recovery usually works is pretty straightforward:

Step 1: You prove who you are. This may be via an emailed link, a security question, an authentication prompt on a device you’ve associated with your account, or some combination of these.

Step 2: You reset your password, and the platform swaps your old password for your new password (hopefully not in plain text).

Somewhere in a nondescript data center - buried in a server that’s leased or owned by your favorite (or least favorite) tech company - there’s a row in a data table with your username and password. In theory, your password is not stored in plain text - rather, it’s been transformed into an illegible string of characters via a one-way cryptographic process called hashing. In reality, Google, Facebook, Instagram and Twitter (and many, many other platforms) have all been revealed to have stored passwords in plain text. Either way, the login credentials in that table are updated so that the next time you log in, you’re able to use the new password.