How Can I Make End-to-End Encryption User-Friendly?

Asked By CuriousCoder29 On

I'm building an educational app where teachers can create and store sensitive data, like student information. The data is encrypted on the device before being sent to the database, and users decrypt this data using a password they set during the app's setup. While this process keeps data secure since the encryption key only exists in memory during the session, it can be inconvenient for users who have to input their password frequently when they reopen the app. I'm considering options to ease this issue, such as letting users save the derived key in local storage with a warning about potential security risks. Has anyone dealt with similar end-to-end encryption challenges? How did you balance security with user experience?

6 Answers

Answered By UserFriendlyDev On

That's a really good question! I think allowing users the option to save their keys in local storage is a solid approach. Most users are familiar with the 'Remember me' feature found on websites, which could help them feel more at ease. Paranoid users can just keep entering their password every session, so it seems like a win-win.

CuriousCoder29 -

I might go this route. Just need to confirm with our IT lawyer that it complies with German data privacy laws. Maybe a simple warning would be enough to make users aware of the risks.

Answered By StrictSecurity On

If you aim for maximum security, you could stick to forcing users to log in each time without any storage options. You might consider using a known Secret Key combined with their password for salt. Just keep in mind that anything stored on a device might eventually be deleted if the browser deems it no longer valuable. If it’s a dedicated app, consider storing the key within the device’s Key Store instead.

Answered By TechieTina82 On

Have you thought about using passkeys so your users can sign in with Face ID or Touch ID? It could really streamline the process for them! You could offer this as an option during encryption setup.

SecureMac99 -

Passkeys sound great, but I'm worried that many users might not understand them. Setting up a password seems easier and might reduce friction for using the app too.

Answered By CryptoSaver2020 On

You should definitely look into WebAuthn. It’s a powerful tool that could be really helpful in enhancing user experience without sacrificing security.

CuriousCoder29 -

I haven't come across WebAuthn before, but I’ll definitely check it out now.

Answered By KeyMaster4Life On

Consider using asymmetric cryptography to create device-bound keys. You can generate a key on the first login and store it in IndexedDB as non-extractable. It’s a common practice in apps like Bitwarden and Proton, so it could really enhance your app's security without hassle.
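An added example (not code from any poster, nor from Bitwarden or Proton) of the non-extractable key idea applied to the password-derived AES-GCM key in the question. The function names, the `e2ee-demo` database name and the PBKDF2 iteration count are assumptions, and `rememberKey` runs only where IndexedDB exists.

```javascript
// WebCrypto is global in browsers and recent Node; older Node exposes it via node:crypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();

// Derive the AES-GCM data key from the password. extractable=false means
// exportKey() will refuse to hand the raw key bytes to script.
// The default iteration count is an assumption; tune it for your devices.
async function deriveDataKey(password, salt, iterations = 600000) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptRecord(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per record
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return { iv, ct: new Uint8Array(ct) };
}

async function decryptRecord(key, { iv, ct }) {
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}

// Returns true only if script can read the raw key bytes.
async function canExport(key) {
  try { await wc.subtle.exportKey('raw', key); return true; }
  catch { return false; }
}

// Browser only: persist the CryptoKey object itself. Structured clone keeps
// it non-extractable, so the stored entry is usable but not readable.
function rememberKey(key, dbName = 'e2ee-demo') {
  return new Promise((resolve, reject) => {
    const open = indexedDB.open(dbName, 1);
    open.onupgradeneeded = () => open.result.createObjectStore('keys');
    open.onerror = () => reject(open.error);
    open.onsuccess = () => {
      const tx = open.result.transaction('keys', 'readwrite');
      tx.objectStore('keys').put(key, 'dataKey');
      tx.oncomplete = () => resolve();
      tx.onerror = () => reject(tx.error);
    };
  });
}
```

A non-extractable key stops script from copying the raw bytes off the device, but any script running on the origin can still call `encrypt` and `decrypt` with it while it is stored, so "forget this device" should delete the IndexedDB entry.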

Answered By SecuritySeeker On

You could explore offering optional secure key storage (whether it's encrypted or device-bound) or session caching, which would save users from typing their password each time. However, maintaining the highest security level where keys are in memory by default should be a priority.
