Hello, here is a similar request about disabling users, but it’s more of an administrative feature, whereas this one is more security related and is an extension to the linked one. Also, here is the thread related to this problem.
Q1. What is the problem that you are trying to solve?
Currently blocking your own account is not possible. I think it is a major security threat.
When an attacker gains access to one of your devices:
- device stolen
- you’ve got some keylogger/rootkit/malware program on the device
and you realize it, you want to be able to block the access to your account immediately, so as not to allow him/her to download the backup of your password database. Even with 2FA it is still relevant, e.g. when the phone is stolen or malware is installed (once you have logged in, the attacker intercepts input and does whatever he likes). So you want to block the access immediately from the other device.
Q2 - Who is impacted?
Q3 - Why is it important and/or urgent?
Because it significantly lowers the risk of losing all your sensitive data in the aforementioned situations.
Q4 - What is your proposed solution? (optional)
I think we should add a big static button or menu entry “Block account” to the manager; it should be always visible and easily accessible with one click. I’m sure it is totally a must.
To fully automate the process of regaining access to the account by the user without admin intervention, I propose adding the generation of an unblocking key pair. The public key is stored on the server, and the private key is suggested to be stored on a USB stick separately from all access devices. The unblocking process is as follows (1st variant):
- User logs in to his/her account and sees a banner “Your account has been blocked, please load the unblocking key”
- User loads the private unblocking key (optionally also protected with a passphrase) and if the private key matches the public key saved with the account on the server, the user can proceed.
- User enters the old key and the old passphrase and generates a new key with a new passphrase.
- User waits while the extension locally re-encrypts all the passwords and saves them back to the server, and then the server unblocks the user’s account.
- User then recovers his/her account with the usual procedure (using new key and new passphrase) on the other devices, if any.
Alternatively, the recovery process could be performed by a request to the admin, for organizations (2nd variant):
- User logs in to his/her account and sees a banner “Your account has been blocked, please load the unblocking key or send this unblocking request ID to the administrator: As3Rw”
- User contacts the admin, tells him the unblock request ID and confirms his identity somehow; the admin chooses the correct recovery request by ID in the manager UI (there could be several requests because of an attacker) and confirms the request. The user can proceed.
The other steps (3-5) are the same.
Note that there is a difference between administratively disabling an account (as in the request linked at the beginning of this post) and blocking the account: a blocked account can be unblocked by the user with the 1st variant of unblocking, but an administratively disabled account cannot be unblocked by the user.
Q5. Community support
- Must have: this is critical for me to have this
- Should have: this is important for me to have this
- Could have: this could be nice to have
- Won’t have: we should not schedule this (explain why)
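
An added sketch of the 1st unblocking variant from Q4 (not part of the original post and not the project's own code): the server keeps only the public unblocking key and accepts a signature over a fresh, single-use challenge as proof that the offline private key is present. `UnblockServer`, `signUnblock`, the message layout, the Ed25519 key type and the 5-minute lifetime are all assumptions made for illustration.

```javascript
// Added example. UnblockServer, signUnblock and the message layout are assumptions.
const nodeCrypto = require('node:crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed lifetime of one unblock attempt

// Bind the signature to a purpose string, the account and the fresh nonce.
function unblockMessage(userId, nonce) {
  return Buffer.concat([Buffer.from(`account-unblock-v1\0${userId}\0`), nonce]);
}

// Client side: the private key comes from the offline medium (the USB stick).
function signUnblock(privateKey, userId, nonce) {
  return nodeCrypto.sign(null, unblockMessage(userId, nonce), privateKey);
}

class UnblockServer {
  constructor() { this.accounts = new Map(); }

  // The server only ever stores the public half of the unblocking key pair.
  enroll(userId, publicKeyPem) {
    this.accounts.set(userId, { publicKeyPem, state: 'active', challenge: null });
  }

  state(userId) { return this.accounts.get(userId).state; }

  // The "Block account" action: also cancels any unblock attempt in flight.
  block(userId) {
    Object.assign(this.accounts.get(userId), { state: 'blocked', challenge: null });
  }

  // Step 1: hand a blocked account a fresh, single-use random challenge.
  startUnblock(userId, now = Date.now()) {
    const acct = this.accounts.get(userId);
    if (!acct || acct.state !== 'blocked') return null;
    acct.challenge = { nonce: nodeCrypto.randomBytes(32), expires: now + CHALLENGE_TTL_MS };
    return acct.challenge.nonce;
  }

  // Step 2: check the signature. The challenge is consumed whether or not it verifies.
  finishUnblock(userId, signature, now = Date.now()) {
    const acct = this.accounts.get(userId);
    if (!acct || acct.state !== 'blocked' || !acct.challenge) return false;
    const { nonce, expires } = acct.challenge;
    acct.challenge = null;
    if (now > expires) return false;
    const key = nodeCrypto.createPublicKey(acct.publicKeyPem);
    const ok = nodeCrypto.verify(null, unblockMessage(userId, nonce), key, signature);
    if (ok) acct.state = 'rekeying'; // steps 3-4: rotate key and re-encrypt before unblocking
    return ok;
  }

  // Steps 3-4 done: the re-encrypted data is saved, so the account is unblocked.
  completeRekey(userId) {
    const acct = this.accounts.get(userId);
    if (acct.state === 'rekeying') acct.state = 'active';
  }
}
```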