Deleting identities is too easy


Status
Not open for further replies.
Gristle

Guest
Jeff, a single left swipe can delete an identity with zero confirmation.

This should be much more difficult, and should probably include an automatic generation of the export identity PDF with a reminder that the rescue code is needed to reimport.

What about requiring the rescue code be entered before deletion? It would stand to reason that if they can't prove they have the code, then deleting the account would equal permanent extinction of that identity.
 

warwagon

Well-known member
May 20, 2018
165
64
Iowa
Jeff, a single left swipe can delete an identity with zero confirmation.

This should be much more difficult, and should probably include an automatic generation of the export identity PDF with a reminder that the rescue code is needed to reimport.

What about requiring the rescue code be entered before deletion? It would stand to reason that if they can't prove they have the code, then deleting the account would equal permanent extinction of that identity.
It goes back to the old saying about data, "If you only have one copy of your data, then pretend it doesn't exist," meaning if the one copy dies then it's gone forever. I agree it shouldn't be very easy to delete an identity. On the other hand, EVERYONE should have a backup of their identity so they are able to easily put it back on the device.

Yes, having your identity deleted off your device would be a slight inconvenience, but it's not the end of the world because you should be able to put it back on your device using the print off everyone "Should" have.

Sure, entering the rescue code would prove you have a backup before wiping your identity, but that is just one case of your identity being lost. Another case is someone's phone DYING!
 
Gristle

Guest
Well in my case, I actually accidentally deleted my identity because in iOS a swipe back universally means "go back" but it also caused my identity to just vanish.

I'm just saying it should have a confirm dialog, same as powering off the device and resetting the device.

I agree with you on all the other points!

We also should teach users how to be responsible rather than punish them by making them learn the hard way. It goes without saying that advanced users will understand SQRL, but if we want widespread adoption, we have to cater to less savvy users, including users with suboptimal motor control of their fingers.
 

warwagon

Well-known member
May 20, 2018
165
64
Iowa
Well in my case, I actually accidentally deleted my identity because in iOS a swipe back universally means "go back" but it also caused my identity to just vanish.

I'm just saying it should have a confirm dialog, same as powering off the device and resetting the device.

I agree with you on all the other points!

We also should teach users how to be responsible rather than punish them by making them learn the hard way. It goes without saying that advanced users will understand SQRL, but if we want widespread adoption, we have to cater to less savvy users, including users with suboptimal motor control of their fingers.
I agree. I also fear we will be suffering reports of regular users having their phones destroyed and losing their identity permanently.
 

0.NRG

Well-known member
May 19, 2018
46
11
Yeah, people should not be relying solely on the identity on their phone without a proper backup offline, but it also should not be so simple to delete your identity that you can accidentally do it before you realize what you did. I would even go as far as to make the user jump through two hoops (two confirmations) after the swipe to delete. Maybe first confirmation is “Are you sure?” and second one is “Do you have a backup? Are you really sure?”
 

warwagon

Well-known member
May 20, 2018
165
64
Iowa
Maybe first confirmation is “Are you sure?” and second one is “Do you have a backup? Are you really sure?”
That's a good idea.
"Do you have a Backup?"
If your identity is only located on this device and you do not have a backup, then deleting this identity from this device will remove it from your life FOREVER without the possibility of recovery!
Do you wish to delete this identity?
 

Dave

Well-known member
May 19, 2018
469
97
Gardner, MA
I'm just saying it should have a confirm dialog, same as powering off the device and resetting the device.
@Steve has flatly refused to implement identity deletion in the GRC client. The only way you can delete an identity there is to go into the file system, find and delete the .sqrl file. I had argued (and lost) in favor of the ability in the client but... as long as there is SOME WAY to do it and it is not something you could do accidentally, I'm totally OK with no delete option. If it IS available in any client it should be well buried and should include "Are you sure? Are you REALLY sure?!? You DO have it backed up, right? Are you absolutely wicked certain?!?"
 

Steve

Administrator
Staff member
May 6, 2018
1,013
304
www.grc.com
I am hoping that @Jeffa will be able to and will choose to move ALL identity management OUT of the app and over into the iOS "Settings" app. This, I think, is the perfect place for it. That's exactly where things go that do not need to be used frequently. This would include creating additional identities after the first one, selecting an identity if there's more than one, and deleting identities.
 

Dave

Well-known member
May 19, 2018
469
97
Gardner, MA
selecting an identity if there's more than one
Not sure I completely agree with this part. But, otherwise, yes, 100%!

If you went to the trouble of creating another one, you did it for a reason. Just like how I have my wife's LastPass password because I am her IT department, I would probably have my mom's SQRL identity as well.
 

Dave

Well-known member
May 19, 2018
469
97
Gardner, MA
I am hoping that @Jeffa will be able to and will choose to move ALL identity management OUT of the app and over into the iOS "Settings" app. This, I think, is the perfect place for it. That's exactly where things go that do not need to be used frequently. This would include creating additional identities after the first one, selecting an identity if there's more than one, and deleting identities.
The same would follow for @kalaspuffar's Android client. (Except, as I argued above, for switching identities... )
 
Mar 10, 2019
11
4
It goes back to the old saying about data, "If you only have one copy of your data, then pretend it doesn't exist," meaning if the one copy dies then it's gone forever. I agree it shouldn't be very easy to delete an identity. On the other hand, EVERYONE should have a backup of their identity so they are able to easily put it back on the device.
And if you're traveling overseas, accidentally delete it without confirmation, and your recovery information is sitting in a safe location back home...?

I think a simple "You are about to delete this identity. Are you sure?" is a reasonable bar to have to jump through. Ideally, I'd like it to make me type "YES" rather than hitting a button, because now deleting information isn't done by a mistaken swipe or clicking something mistakenly taken to be a dismissal button.
 

0.NRG

Well-known member
May 19, 2018
46
11
And if you're traveling overseas, accidentally delete it without confirmation, and your recovery information is sitting in a safe location back home...?

I think a simple "You are about to delete this identity. Are you sure?" is a reasonable bar to have to jump through. Ideally, I'd like it to make me type "YES" rather than hitting a button, because now deleting information isn't done by a mistaken swipe or clicking something mistakenly taken to be a dismissal button.
Yes, the user should have to purposely take action(s) to delete an identity. Having a question that requires a typed answer is also a good suggestion.
 

Steve

Administrator
Staff member
May 6, 2018
1,013
304
www.grc.com
The SQRL UI should be kept as simple and clean as possible. So very-seldom-used and dangerous functions should be kept out of the way. If Jeff is able to move identity management into a SQRL page under the iOS Settings app, that would be the ideal place to put those things. The first identity could be made in the main UI, or the user could be instructed to go to the SQRL page under Settings even to do that. I think this would be preferable since it shows the user that identity management is over there. The user should be cautioned -- as my app does -- that ONLY IF they do not have an existing SQRL identity should they create a new one. If they DO have a SQRL identity in any other app they should use THAT other app's export function to display a QR code and scan it to import the same SQRL identity.

As for deletion, how about this. To delete an identity:
  • The user MUST reenter the full password for the identity they wish to delete...
  • Then a large "15" will be shown with the instructions: Press and hold the "Permanently Delete This Identity" button until the counter counts down to 0.
So:
  1. The deletion is away from the main daily use UI.
  2. They must prove their ownership of the identity.
  3. They have 15 seconds of deliberate button pressing to expunge the identity.
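
The deletion flow proposed in the post above, sketched as a small state machine. This is an added example, not code from any SQRL client: `DeletionGate`, `make_verifier` and the PBKDF2 password check are hypothetical stand-ins, and timestamps are passed in so the logic can be exercised without a UI.

```python
import hashlib
import hmac

HOLD_SECONDS = 15  # countdown length proposed in the post above


def make_verifier(password, salt=b"constructed-salt"):
    """Stand-in password check (PBKDF2); a real client would use its own unlock routine."""
    stored = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def verify(candidate):
        got = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 100_000)
        return hmac.compare_digest(stored, got)  # constant-time comparison

    return verify


class DeletionGate:
    """Hypothetical guard: password first, then one unbroken 15-second button hold."""

    def __init__(self, verify_password, delete_identity):
        self._verify = verify_password
        self._delete = delete_identity
        self._authenticated = False
        self._hold_started = None
        self.deleted = False

    def submit_password(self, candidate):
        self._authenticated = self._verify(candidate)
        self._hold_started = None  # any new password attempt cancels a hold
        return self._authenticated

    def press(self, now):
        # Pressing the button before the password step does nothing.
        if self._authenticated and not self.deleted:
            self._hold_started = now

    def release(self):
        # Letting go early cancels; the next press starts again from 15.
        self._hold_started = None

    def tick(self, now):
        """Return the number to display; delete once it reaches 0."""
        if self._hold_started is None:
            return HOLD_SECONDS
        remaining = max(0, HOLD_SECONDS - int(now - self._hold_started))
        if remaining == 0 and not self.deleted:
            self._delete()
            self.deleted = True
            self._authenticated = False
            self._hold_started = None
        return remaining
```
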
 

Jeffa

Well-known member
May 20, 2018
207
105
The SQRL UI should be kept as simple and clean as possible. So very-seldom-used and dangerous functions should be kept out of the way. If Jeff is able to move identity management into a SQRL page under the iOS Settings app, that would be the ideal place to put those things. The first identity could be made in the main UI, or the user could be instructed to go to the SQRL page under Settings even to do that. I think this would be preferable since it shows the user that identity management is over there. The user should be cautioned -- as my app does -- that ONLY IF they do not have an existing SQRL identity should they create a new one. If they DO have a SQRL identity in any other app they should use THAT other app's export function to display a QR code and scan it to import the same SQRL identity.

As for deletion, how about this. To delete an identity:
  • The user MUST reenter the full password for the identity they wish to delete...
  • Then a large "15" will be shown with the instructions: Press and hold the "Permanently Delete This Identity" button until the counter counts down to 0.
So:
  1. The deletion is away from the main daily use UI.
  2. They must prove their ownership of the identity.
  3. They have 15 seconds of deliberate button pressing to expunge the identity.
I agree it needs making harder.
 

Steve

Administrator
Staff member
May 6, 2018
1,013
304
www.grc.com
Thanks, Jeff. And, really, not only "harder", but ideally we'd like to not confuse the things the user does when USING SQRL with the things they do when MANAGING SQRL. SQRL is so very easy to use because once it is set up there's almost never any need for additional management. To whatever degree possible, that fact should be factored into the arrangement and design of the UI. :)
 

Jeffa

Well-known member
May 20, 2018
207
105
Thanks, Jeff. And, really, not only "harder", but ideally we'd like to not confuse the things the user does when USING SQRL with the things they do when MANAGING SQRL. SQRL is so very easy to use because once it is set up there's almost never any need for additional management. To whatever degree possible, that fact should be factored into the arrangement and design of the UI. :)
Yup,

I am working towards minimal.
 
Gristle

Guest
Thanks, Jeff. And, really, not only "harder", but ideally we'd like to not confuse the things the user does when USING SQRL with the things they do when MANAGING SQRL. SQRL is so very easy to use because once it is set up there's almost never any need for additional management. To whatever degree possible, that fact should be factored into the arrangement and design of the UI. :)
I have a proposal that takes this even further and makes the client even better:

Make the USING SQRL portion a simple share sheet rather than a fully fledged app. This way when you invoke the SQRL client from within Safari, the client's share sheet will pop up asking for authentication, etc. then after successful authentication, it will dismiss and you'll still be in Safari. No more having to switch back manually!

If you do this, then you can keep identity management within the app itself, and then in most usage, people will never even need to launch the app at all, except for the very first time.

What do you think?
 

Gristle

Guest
As for deletion, how about this. To delete an identity:
  • The user MUST reenter the full password for the identity they wish to delete...
  • Then a large "15" will be shown with the instructions: Press and hold the "Permanently Delete This Identity" button until the counter counts down to 0.
Would it also be appropriate to require the recovery code as well, or instead of the password? This way the user has demonstrated they control all the parts needed in order to re-establish their identity.
 

Jeffa

Well-known member
May 20, 2018
207
105
I have a proposal that takes this even further and makes the client even better:

Make the USING SQRL portion a simple share sheet rather than a fully fledged app. This way when you invoke the SQRL client from within Safari, the client's share sheet will pop up asking for authentication, etc. then after successful authentication, it will dismiss and you'll still be in Safari. No more having to switch back manually!

If you do this, then you can keep identity management within the app itself, and then in most usage, people will never even need to launch the app at all, except for the very first time.

What do you think?
It's an interesting idea.

I can see problems with the whole cps thing though. I have considered a Safari extension and might revisit this in the future. There are more iOS browsers of course and we can't expect client specific behaviour from the website or notifications could be a possibility.
 