This repository has been archived by the owner on Jan 2, 2020. It is now read-only.

Account Recovery Feature

Anike Arni edited this page Apr 25, 2017 · 5 revisions

The Pixelated team started an implementation of account recovery based on various usability tests, target personas, and technical and security feasibility. Collaboration with both users and Leap members led us to design the approach detailed below.

Feature

At a high level, the idea is that the user will set up a backup account, to which half of a recovery code will be sent. The other half will be sent to the system administrators, whom the user will have to contact to recover the account. Together, these two codes will function as a password, but the only action the user can complete with them is changing the password.

Why did we choose to follow this approach?

  • Splitting the code and sending it to different "trusted contacts" ensures the recovery code is not our weakest security point
  • We don't have to persist any other information from the user, since the backup email will be sent again every time the user asks for a new recovery code
  • Though this approach can eventually be generalised so that users set up their own "trusted contacts", the system admin was an already existing trusted contact that we could count on for Pixelated installations
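
The split-code idea described above, sketched as an added example (this is not Pixelated's own code). The function names, the 256-bit code size and the salted-hash record kept on the server are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ALLOWED_ACTION = "change_password"  # the only action the recovery code grants


def _verifier(code: str, salt: bytes) -> bytes:
    # The code is 256 random bits, so a keyed fast hash is enough here;
    # a slow KDF only matters for low-entropy, human-chosen secrets.
    return hmac.new(salt, code.encode("utf-8"), hashlib.sha256).digest()


def issue_recovery_code():
    """Create a code, split it, and return (backup_half, admin_half, record).

    Assumption: only `record` (salt + verifier) stays on the server. Each
    half goes to a different contact, so neither mailbox alone holds the
    full code, and the halves can be regenerated and re-sent on request.
    """
    code = secrets.token_hex(32)            # 64 hex chars = 256 bits
    backup_half, admin_half = code[:32], code[32:]
    salt = secrets.token_bytes(16)
    record = {"salt": salt, "verifier": _verifier(code, salt)}
    return backup_half, admin_half, record


def redeem(backup_half: str, admin_half: str, record: dict) -> str:
    """Recombine both halves and return the single action they authorize."""
    candidate = _verifier(backup_half + admin_half, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, record["verifier"]):
        raise PermissionError("recovery code rejected")
    return ALLOWED_ACTION


if __name__ == "__main__":
    backup, admin, rec = issue_recovery_code()
    print(redeem(backup, admin, rec))       # both halves together succeed
    try:
        redeem(backup, backup, rec)         # one contact's half is not enough
    except PermissionError as exc:
        print("rejected:", exc)
```

With a plain split, each contact learns half of the code's bits, so the code has to be long enough that the remaining half (128 bits here) is still infeasible to guess.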

Flows

We separated this feature into two different flows: setting a backup account and recovering the account.

Backup account flow

Backup account flow diagram

Account recovery flow