Account Security Issues
-
If I enable end-to-end encryption, do I need to save my account password and encryption key? If I lose either my account password or encryption key, will I be unable to access my data?
In addition, When will you support Google two-factor authentication?
-
Yes, if you enable end to end, we do encourage you to keep a copy of your key. There are in-app methods to download it, save it to Google Drive, or to save to iCloud. For your security, we do not keep a copy of our key on our servers, so there is no way for us to assist with recovery if you lose it. We can, however, help you reset your password if you forget.
We do not have plans to further integrate with Google at this time. I encourage you to use our built-in “Login with Google” method on your Day One account to utilize Google’s two-factor authentication with Day One now. I have also let the team know you’d like to see a two-factor authentication option added.
-
So, if someone wants to access my account data, they need to obtain both my account password and private key? Is that correct?
-
If they only have the private key or only have the account password, they cannot access the data?
-
The private key is required for data to be decrypted from the server, even if your password was compromised. End-to-end encryption is not currently designed as an authentication feature, but to keep data encrypted in transit to, and stored on the server.
My colleague also submitted a feature request on your behalf for two-factor authentication.
Let us know if that helps or if we can assist you further.
Day One Forums 