[Feature Request] Multiple level subkey

lesto fante lestofante88 at gmail.com
Thu Sep 14 01:20:06 CEST 2017


>Until and unless you present a usability study involving 100+ people composing a representative sample of an identifiable community, you don't know a thing.

*I think* is NOT *I know*. I may be wrong: I don't care. First of
all I want to implement this for myself, and if I'm right and it is
something that people like, that is good for them.

I will expose my reasoning instead; unfortunately I don't have the
resources or knowledge for a full study.

- smartphones have outnumbered PCs since 2011
(http://www.marketwatch.com/story/one-chart-shows-how-mobile-has-crushed-pcs-2016-04-20)

- smartphones are already carried every day by most people owning them
(http://www.nydailynews.com/life-style/addicted-phones-84-worldwide-couldn-single-day-mobile-device-hand-article-1.1137811)

- smartphones have NFC, BT, WiFi, making contactless payment or key
exchange extremely easy, convenient, and fast. In fact, I know payment
and even public transport access by NFC is already a reality. (no
source needed, I hope)

- smartphones are easy to lose or get stolen (45% of 18-24 year olds
have lost at least one phone according to
https://www.statista.com/statistics/241365/us-cell-phone-users-whose-device-has-been-lost-or-stolen-by-age-group/)

- many smartphones are not safe
(http://thehackernews.com/2016/08/hack-android-phone.html)

- some documents in different countries already come with a personal
certificate/key bound to the person

My idea is to make it possible for the everyday user to add/manage new
services with a main password (by using the level 2 key, encrypted),
accessing services eventually passwordless (level 3 key), but in case
of the loss of the device, reissue all certificates in an automatic
fashion on the new device, starting from the safe key describing the
original identity (level 1).

Now, from the *user* point of view, I think we can all agree that the
reissuing of the key is quite a pain, and having a safe way to do it
automatically is quite nice. But no stats on that.

On the server side, we already have something going in the right
direction with OpenID (but I don't think it can be made
transparent-compatible, that is another big discussion).

>And without exception, not one has been successful.

Better one more try than one less.

>Househusband. English has used this word since 1858.

TIL

>They may lack sophisticated technical skills, but that's not the same as being foolish or clueless.

But my target is not fools or the clueless, my target is those who
lack the technical skill.
For those people it is all about convenience; 50% of Android users do
NOT lock the phone
(https://www.elie.net/blog/survey-most-people-dont-lock-their-android-phones-but-should).
Since Apple implemented Touch ID, they say >80% of users use it.
(http://appleinsider.com/articles/16/04/19/average-iphone-user-unlocks-device-80-times-per-day-89-use-touch-id-apple-says)

This, in my opinion, is exactly the target: make the deployment of the
key easier, especially in case of device loss (aka level 2 and 3 keys
compromised).

>Your "average internet user" is a 1940s-style way of thinking. We need to do better than that.

Then explain FB, Google, YouTube, Amazon... all of them do NOT
provide a great deal of personalization, if at all.
UX, usability, it is all about creating an "average user" out of your
target audience, and making things work for most of them. It is
extremely hard to do, but now we have much more literature.
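
A sketch of the three-level hierarchy proposed in this message, added here as an example and not part of the original post or of GnuPG: level 1 certifies a device key (level 2), which certifies per-service keys (level 3), and losing the device is handled by revoking level 2 and reissuing from level 1. The names `Cert`, `Key`, `NewKey` and `Verify`, the use of Ed25519, and the in-memory revocation set are assumptions made for illustration.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Cert is the parent's signature over a child public key (constructed format).
type Cert struct {
	Child, Parent ed25519.PublicKey
	Sig           []byte
}
// Key is a keypair plus the certificate from its parent (nil at level 1).
type Key struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
	Cert *Cert
}
// NewKey generates a key and, when parent is set, has the parent certify it.
func NewKey(parent *Key) *Key {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	k := &Key{Pub: pub, Priv: priv}
	if parent != nil {
		k.Cert = &Cert{Child: pub, Parent: parent.Pub, Sig: ed25519.Sign(parent.Priv, pub)}
	}
	return k
}
// Verify walks the chain (leaf first) up to root, rejecting revoked keys.
func Verify(root ed25519.PublicKey, revoked map[string]bool, chain ...*Cert) bool {
	for i, c := range chain {
		linked := i+1 == len(chain) || bytes.Equal(c.Parent, chain[i+1].Child)
		if !linked || revoked[string(c.Child)] || !ed25519.Verify(c.Parent, c.Child, c.Sig) {
			return false
		}
	}
	return len(chain) > 0 && bytes.Equal(chain[len(chain)-1].Parent, root)
}

func main() {
	l1 := NewKey(nil) // level 1: identity key, kept off the phone
	l2 := NewKey(l1)  // level 2: device key, password-encrypted at rest
	l3 := NewKey(l2)  // level 3: per-service key, usable without a password
	revoked := map[string]bool{}
	before := Verify(l1.Pub, revoked, l3.Cert, l2.Cert)
	revoked[string(l2.Pub)] = true // phone lost: level 1 revokes level 2
	after := Verify(l1.Pub, revoked, l3.Cert, l2.Cert)
	n2 := NewKey(l1) // reissue on the new device, starting from level 1
	fmt.Println(before, after, Verify(l1.Pub, revoked, NewKey(n2).Cert, n2.Cert))
}
```

Revoking the one level 2 key invalidates every level 3 key beneath it, so services only need the level 1 public key and the revocation set to accept the reissued chain.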


