Hi there :
I’ve been thinking about something.
What if our phrases are lost or acquired?
As u know,we can’t change it.
Is it only possible to re-build and migrate data?
When there’s a lot of data, it’s a disaster.
I began to consider whether to continue to use AT.
The Internet age,there is no such thing as absolute security,and need to worry about all this.
I mean, in case the recovery phrase is stolen, there is no way to prevent others from accessing my space by modifying revovery phrase. If my spatial data is large, I can only export it,and create a new space, and then import it.There is no alternative.
It could be problematic, but unless you post your recovery phrase on the internet or share it with people who are going to use it to do harm, the possibility of that happening is 0%. I don’t know anyone who is that gullible to not protect their recovery phrase in those regards.
There is no security in the Internet age.
Almost all apps read the clippings, and if you use AT on your phone, every time you copy your phrase, another Apps could steal it.
If the other person is also using AT, it’s easy to guess the use of this phrase.
we can push the pail of responsibility all the way down. if we follow this argument, why dosent android / ios have security safeguards, why dosent samsung/apple make an impregnable phone? why dont you buy a nokia3310 if your so worried about security. the best solution to this problem is to solve it at its source. security hinders convenience, and having one point of ingress that is easily lost, captured, or otherwise is not the best idea. especially since there is no second factor.
Not to argue, but ultimately, if your device is compromised or if your passphrase was stolen, what keeps it from being stolen again if you would change it? Therefore, even implementing the ability to change it doesn’t necessarily safeguard your data. It might keep it from happening again for a while, but once your info is hacked into or breached, it’s breached and in the hands of someone it shouldn’t be. You can turn on the Pin Code feature, but anything is ultimately hackable. However, generally, when things go wrong with security, the user is at fault.
Yes, occasionally, there are vulnerabilities in the code of a program, but normally this falls in the category of not particularly being anyone’s fault. Nothing in this life is going to be perfect (that’s an absolute fact). Also, when companies cover up their vulnerabilities, lack of security, etc., and lie about them, it never gets them ahead - that’s why they feel obligated to immediately patch the security bug, vulnerability, or zero-day. In a free market, when companies are dishonest with how they handle security, people stop purchasing their services. It thus doesn’t make sense for companies to implement sub-par security measures. So, in most cases, it’s the user’s fault for not using a strong password (which is now almost impossible with most companies implementing mandatory password requirements), not using 2FA, not using biometrics, or failing to keep passwords safe. And although nobody likes Google, when I found out that I was “in a data breach” they only got my email because I almost always use the Google sign-in when available. I guess it means they could try phishing or send scammy messages, but I’m not stupid. Plus, Google’s spam filters work well enough that I never get such messages in my inbox.
I would agree with that. They could introduce some sort of 2FA in the future. Even email would in theory work because that isn’t already how you log in and thus connect to your Anytype account. Ultimately, though, using something other than email or SMS, like an authentication app is more secure because then you don’t have to worry about people having access to your email or hacking and retrieving your text messages (that aren’t encrypted) - although it’s unlikely that they would have all the pieces to even get into your account.
agreed, in AT’s curernt state, a brute force attack is all it would take to cause devastating chaos to peoples data, you wouldnt even need to do the advanced thing of se, just generate seed after seed till you hit something, delete everything and move on.