I would like to know how they are implementing that account recovery thing. I hope they are not compromising security with that feature...
Security was our biggest concern in creating it, with privacy being our other big concern. The only thing that we had to add is to get an email address to use for account recovery, and security isn't compromised at all. The way it works is that we store a copy of your password that is encrypted based on your answer to a security question. When you need to recover your password, we send a link to your email address to continue the process. When the user clicks the link, they are brought to a page where they answer their test question and the password is decrypted. The password never leaves the browser in unencrypted form, and we have no access to it nor to the answer to your test question. Since to decrypt the password you need access to the email address and to know the test answer, we feel it is secure.
How about sending pieces of the password to different accounts in a decentralized way? You could do this for sections of the private key too and just remember the beginning part and end part of those sections. You'd just give those sections to anonymous participants anonymously so that nobody knows who they are and thus cannot blackmail them. They should have a certain amount of stake, and then we all can guard private keys.
As a side note, block producers or witnesses could offer this, but it might be a risk in making them a target because now they'd have something in custody.
So if you lost your key but knew the summary, you could send a request for each holder's section to give you that whole section by providing them the beginning and end of each section.
I've requested that one of the core team members provide you with an explanation of how exactly it works.
For now, here's a video that shows how it works.
https://steemit.com/bitshares/@ash/bitshares-easydex-wallet-registration-and-recovery-process
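The recovery flow described in the thread above, as an added sketch that is not part of the thread and not the wallet's own code: the client wraps the password under a key derived from the security answer, and the server stores only ciphertext and releases it for a token from the emailed link. PBKDF2-HMAC-SHA256, AES-256-GCM, the iteration count, the token lifetime and all function names are assumptions, and Node's `crypto` module stands in for the browser's crypto API.

```javascript
// Added illustration, not the wallet's code: KDF, cipher and parameters are assumptions.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const KDF_ITERATIONS = 600000; // assumed work factor; the answer is a low-entropy secret
const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime of the e-mailed link

// Normalise the answer so " Rex " and "rex" derive the same key (assumed policy).
function deriveKey(answer, salt) {
  const normalised = answer.normalize('NFKC').trim().toLowerCase();
  return nodeCrypto.pbkdf2Sync(normalised, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Client, at registration: builds the only recovery record the server stores.
function wrapPassword(password, answer) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(answer, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Client, after following the link: returns the password, or null for a wrong answer.
function unwrapPassword(record, answer) {
  const key = deriveKey(answer, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM tag mismatch: wrong answer or altered record
  }
}

// Server: holds only ciphertext records; releases one per unexpired, single-use token.
function makeRecoveryStore() {
  const records = new Map(), tokens = new Map();
  return {
    save(account, record) { records.set(account, record); },
    issueToken(account, now) {
      const token = nodeCrypto.randomBytes(32).toString('hex');
      tokens.set(token, { account, expires: now + TOKEN_TTL_MS });
      return token;
    },
    redeem(token, now) {
      const entry = tokens.get(token);
      tokens.delete(token);
      if (!entry || now > entry.expires) return null;
      return records.get(entry.account) ?? null;
    },
  };
}
```

Because the stored record is protected only by the answer once it has been released, the KDF work factor and the single-use, short-lived token are the parameters to review in a design like this.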