The account registration procedure is the foundation on which all of the account's later cryptography rests. It is described in detail in the cryptography chapter.
In outline: the client machine generates the account keyring and encrypts it so that it can only be decrypted by someone who knows the account's password. The encrypted keyring is then stored on the server for the account. Provided the password is sufficiently strong, this data cannot be manipulated by the server and storing it there is safe.
Login and session
The login procedure does not reveal whether the email or the password was incorrect. This prevents nosy individuals from discovering which email addresses are registered in the system.
Login attempts are strictly rate limited, so brute-force guessing of login credentials is out of the question.
After a successful login, the client's session keys are stored and used in ways that prevent CSRF and XSS attacks. All private keys of the account are stored in uniquely encrypted form, which makes remote session destruction possible while the account's keyring can still remain safe.
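As an added illustration of the two properties above (not Clarabot's code), here is a small Python login handler: the response string is identical for an unknown email and a wrong password, an unknown email still pays for one scrypt computation against a dummy record so the timing does not differ, and a per-account counter refuses further attempts after a fixed number of failures inside a time window. The users table, the scrypt parameters and the limits are constructed for the example, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

# scrypt parameters: a demonstration choice, not a recommendation for any particular product.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def make_user_record(password: str) -> tuple:
    """Registration-time record (salt, scrypt hash); the plaintext password is never kept."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


class LoginService:
    # Hypothetical service used for this example.
    INVALID = "invalid_credentials"   # the one message for unknown email OR wrong password
    LIMITED = "too_many_attempts"
    OK = "ok"

    def __init__(self, users: dict, max_attempts: int = 5, window_seconds: int = 900):
        self.users = users                      # email -> (salt, hash)
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._failures = defaultdict(list)      # email -> timestamps of recent failures
        # Dummy record so that an unknown email costs exactly one scrypt call, like a known one.
        # A fast "no such user" path would leak registration status through response timing.
        self._dummy = make_user_record(os.urandom(16).hex())

    def _limited(self, key: str, now: float) -> bool:
        recent = [t for t in self._failures[key] if now - t < self.window]
        self._failures[key] = recent
        return len(recent) >= self.max_attempts

    def login(self, email: str, password: str, now: float = None) -> str:
        now = time.time() if now is None else now
        key = email.strip().lower()
        if self._limited(key, now):
            return self.LIMITED
        record = self.users.get(key)
        salt, expected = record if record is not None else self._dummy
        # Always run the KDF and a constant-time compare; only then fold in "does the user exist".
        candidate = hash_password(password, salt)
        matches = hmac.compare_digest(candidate, expected) and record is not None
        if not matches:
            self._failures[key].append(now)
            return self.INVALID
        self._failures[key].clear()
        return self.OK


# Constructed user table with a single registered address.
USERS = {"alice@example.com": make_user_record("correct horse battery staple")}

if __name__ == "__main__":
    svc = LoginService(USERS)
    print(svc.login("alice@example.com", "wrong"))    # invalid_credentials
    print(svc.login("nobody@example.com", "wrong"))   # invalid_credentials, same string
```

A counter keyed only on the supplied email lets a third party lock a victim out by failing on purpose, so a real deployment pairs it with source-based limits or escalating delays, and logs the limited events so the attempts are visible to operations.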
Both the login procedure and session handling are described in more detail in the cryptography chapter.
The security of the user's machine and its software is up to the owner or their administrator; it is not the responsibility of Clarabot Zrt. Generally speaking, a strong passphrase for the user account and full-disk encryption are useful.
Losing an account's password may render the account permanently inaccessible. By design, the account's cryptography must be operable for every function. Since the server is intentionally locked out of the keys by encryption, it is fundamentally impossible for support to reset an account's password in the usual way.
The password can still be changed even after it has been lost, as long as there is an active login session for the account.
We encourage our users to save a recovery key for their account. It is the only way to recover an account whose password has been lost and for which no active sessions remain. However, the recovery key contains sensitive information and the user must store it securely. Depending on circumstances it could be kept offline, in a password manager, or in a vault, either digitally or physically.
If the email account is not accessible, support can help in changing it. (This procedure is yet to be defined and implemented.)
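The registration design at the top of the page and the password-change and recovery rules above can be demonstrated together. The following Python is an added example, not Clarabot's implementation: the client wraps the keyring under a key derived from the password with scrypt, and a second time under a random recovery key, and only the wrapped blobs reach the server, which holds no key that opens them. Changing the password re-wraps the keyring from its decrypted form (what an active session has) and so needs no old password. The keyring contents and the HMAC-based stream cipher are constructed stand-ins (a real system would use a vetted AEAD), and all function and record names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for an account keyring; a real one holds the account's private keys.
SAMPLE_KEYRING = b'{"sign_key": "<constructed>", "box_key": "<constructed>"}'
NONCE_LEN, TAG_LEN = 16, 32


def password_key(password: str, salt: bytes) -> bytes:
    # scrypt is memory-hard: whoever holds the stored blob must pay this cost per guess.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in keystream, so the example needs no third-party
    # library. Production code would use AES-GCM or XChaCha20-Poly1305 instead.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one wrapping key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered keyring blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass
class StoredAccount:
    """Everything the server keeps; none of it lets the server open the keyring."""
    salt: bytes
    keyring_by_password: bytes
    keyring_by_recovery: bytes


def register(password: str, keyring: bytes):
    """Client side at registration: returns the server record and the recovery key,
    which is shown to the user once and never sent to the server."""
    salt = os.urandom(16)
    recovery_key = os.urandom(32)
    record = StoredAccount(salt, seal(password_key(password, salt), keyring),
                           seal(recovery_key, keyring))
    return record, recovery_key.hex()


def unlock_with_password(record: StoredAccount, password: str) -> bytes:
    return unseal(password_key(password, record.salt), record.keyring_by_password)


def unlock_with_recovery(record: StoredAccount, recovery_key_hex: str) -> bytes:
    return unseal(bytes.fromhex(recovery_key_hex), record.keyring_by_recovery)


def change_password(record: StoredAccount, keyring: bytes, new_password: str) -> StoredAccount:
    """Re-wrap the keyring under a new password. Needs the decrypted keyring (held by an
    active session), not the old password. The recovery blob stays valid: the keyring is unchanged."""
    salt = os.urandom(16)
    return StoredAccount(salt, seal(password_key(new_password, salt), keyring),
                         record.keyring_by_recovery)
```

Support holding only a StoredAccount cannot reset the password: every path back to the keyring runs through a key the server never saw, which is exactly why the recovery key has to be kept by the user.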
Account recovery is described in a little more detail in the cryptography chapter.
Two-factor authentication
This provides additional resilience against a malicious party stealing an account. Several operations related to account security are automatically and unconditionally protected by two-factor authentication.