Reset User Account #208

Closed
1 task done
overheadhunter opened this issue Jul 10, 2023 · 1 comment · Fixed by #228

overheadhunter (Member) commented Jul 10, 2023

As a user who lost access to all devices as well as the Setup Code, I want to reset my user account to gain access again.

Resetting will re-roll the user's key pair. I.e. while the user can remain a vault member, keys need to be re-shared ("Update Permissions" button).

Furthermore, we need to decide whether the user needs to re-validate his devices, as in the meantime a malicious admin could have sneaked in fake devices, which we must not allow to receive a copy of the user's new key.

overheadhunter added this to the 1.3.0 milestone Aug 1, 2023
overheadhunter (Member, Author) commented

I would argue that re-adding devices isn't much pain and is certainly not unexpected, if a user knowingly resets her account. Thus we should remove them as well, mitigating attacks that are based on sneaking in unauthentic devices.
