Reply To: I can't log in (android)

#7738

Harvey P

The background is that since we’re relying on SSL/TLS to protect sensitive information when travelling to our server (passwords both for the account and the online password manager), it’s important that we maintain strong security.

There’s no reason why the password needs to be sent to AxCrypt; it invites trade-offs like this.

Instead of sending the user’s password to AxCrypt, why not send the user a one-time code via email/SMS/push message? That would be sufficient proof to allow them to retrieve the private key from the server and the password would be used locally to unlock the private key.