Death, taxes and forgotten passwords. If you use a diverse range of strong passwords, it’s a near certainty that you’ll forget some of them (that is, unless you’re using a good password manager).
For some people, this happens so often that hitting “Forgot your password?” becomes just another part of logging in. One study showed that the average American has been locked out of 10 accounts in the last month.
At Skiff, we’re building collaboration tools designed to eliminate the trade-off between privacy and usability that we all face when working and communicating online. So we don’t design for best-case scenarios or cyber-security experts. We use secure design patterns that anticipate the needs of real, busy, messy people — people who forget their passwords a lot.
Standard password-reset systems are fundamentally incompatible with an end-to-end-encrypted platform that puts people in control of their own data. So we needed to design a new one: a password-reset system that simultaneously respects real people’s needs and the privacy of their data. As with many things in secure software design, it wasn’t easy.
While the details vary somewhat from one platform to another, the broad outline of how account recovery usually works is pretty straightforward:
Step 1: You prove who you are.
This may be via an emailed link, a security question, an authentication prompt on a device you’ve associated with your account, or some combination of these.
Step 2: You reset your password, and the platform swaps your old password for your new password (hopefully not in plain text).
Somewhere in a nondescript data center — buried in a server that’s leased or owned by your favorite (or least favorite) tech company — there’s a row in a data table with your username and password.
In theory, your password is not stored in plain text — rather, it’s been transformed into an illegible string of characters via a one-way cryptographic process called hashing. In reality, Google, Facebook, Instagram and Twitter (and many, many other platforms) have all been revealed to have stored passwords in plain text.
Either way, the login credentials in that table are updated so that the next time you log in, you’re able to use the new password.
Step 3: The platform restores access to your data.
You now use your new password to log in and the service provider restores access to whatever data were stored on your account, be they banking details or personal notes.
This process is simple. But its simplicity hinges on an important detail: The platform has the keys to your data.
Your data may or may not be encrypted at-rest on the company’s servers, but in any case, the platform is able to — when it chooses — access your data and make decisions about when to grant you (or anyone else) access. When you change your password, the platform simply updates the conditions necessary for accessing the data that you’ve stored on its servers.
The simplicity of this process reveals how insubstantial the password was to begin with. Your password can be easily changed because it never controlled access to your data in the first place — the platform did.
But the three simple steps above don’t work for Skiff. We can’t cheat and arbitrarily change the conditions necessary to access your data, because…
No, really. We don’t have it. We store an encrypted version of your data on our servers, but we don’t have the keys to decrypt it and we never did. That comes with the territory of end-to-end encryption.
Only you, the end user, have the keys to your own data. So where are they?
If you want all the details, we recommend reading our white paper. But the short version is that your password is the key to your data.
Every time you log in to Skiff, your browser uses your password to derive a key that’s used to decrypt the account data sent to your device by Skiff’s servers after a successful login. This all happens locally on your device. Your password and the key derived from it are never sent over any network nor stored in any form.
The fact that your password remains private — even from us — is important, because it ensures that the system remains end-to-end encrypted. If we had access to your password, we would be able to use it to decrypt your data, and end-to-end encryption would be broken.
Therefore, we don’t ever want to see or store your password. We don’t even want to store it in a hashed or encrypted form (like most platforms do), because if it ever got into the hands of a motivated adversary, there are ways they could try to crack it.
So we have a problem: How does Skiff confirm you are who you say you are? How do we confirm the password you enter matches the password you set if we’ve never seen your password in any way, shape or form?
The answer is the Secure Remote Password protocol (SRP), a clever piece of cryptography that allows a user to authenticate their identity to a server without ever sending the password (even in a hashed or encrypted form) to that server. (For more information on how SRP works, check out this site.)
Using the Secure Remote Password protocol, we’ve solved one important problem — we’ve authenticated your identity without ever having seen or stored your password in any form. And in the process, we’ve ensured that a password on Skiff does what many people mistakenly (though understandably) assume it does on every platform: It genuinely limits access to your account. Without your password, no one — not even we — can access your data.
But we’ve also introduced a new problem: If you forget your password at this point, your data will be impossible to recover. Remember, Skiff doesn’t have access to your password nor your unencrypted data. So if you lose your password, then all we could do is give you back encrypted data, which would be as useless to you as it is to anyone else.
When you sign up as a new Skiff user and log into your account, the first thing we ask you to do is to enable account recovery. Doing so gives you a long, randomly generated string of characters. This is the recovery key, a single-use backup option for decrypting your data if you forget your password. You can either write it down or download it as a PDF.
From that point on, if you forget your password, you’ll need to do two things to verify your identity:
To keep this process secure, we use a technique called Shamir’s Secret Sharing, which splits the backup decryption key for your account data into three pieces, or “secret shares.” After your decryption key is split up locally, you keep two shares — the first lives in your browser’s local storage and the second is the string of characters you write down or download — and you send us the third. (All of this happens automatically when you enable account recovery.)
The backup decryption key for your data can only be produced by combining at least two of the three secret shares. So after verifying your identity during account recovery, Skiff sends you the single share it was storing. If you supply at least one of the two shares you were storing, then you’ve now met the two-share threshold, and you can decrypt your data locally a single time. You then reset your password and your data is re-encrypted using the new password, before we — or anyone else — can ever glimpse it.
The advantage of this system is that we never have enough information to decrypt your data — we only ever have one of the three shares — but we can still support you in recovering your account if you ever lose access to one of your shares.
Behind the scenes, this process is more complex than a standard password reset, but for Skiff users, it’s seamless. The upshot is that your data stays private and secure, and we can still help you out if you’re among the 57 percent of real people who forget their new password the moment they reset it. (And if you are, remember, use a password manager.)