I have a client-server chat like app. I would like to add an encryption of messages for users. So, that they will be sure that no one, even service owner, can read their confidential information. I'm going to use AES cryptography like this http://bitwiseshiftleft.github.com/sjcl/demo/
The problem is that I don't know how it could be implemented in a user friendly way. I'm afraid to say to user: "If you lose the password, salt, etc, then you lose all your information and nobody can help you."
Is there any precedents in existing software, so that I could grasp right design approach?
Tell me more
×
User Experience Stack Exchange is a question and answer site for
user experience researchers and experts. It's 100% free, no registration required.
|
|
|||||
|
|
Hushmail, does a fairly excellent job of explaining their encryption protocol to the end-user. Part of the purpose of that document is to reassure the user that their service is secure, rather than to warn them of potential pitfalls of losing their password:
As to warning your users of the consequences of losing their password: I suggest presenting that information to them following the accept-terms-of-use-before-continuing pattern, but on a screen/step of its own during the registration process, in a way that will be impossible for the user to miss. Part of the selling point of your service is that one can't recover messages (even you) because they're encrypted. (My answer assumes that your encryption mechanism is seamless, unlike the example you linked, which I took to be an illustration of your encryption protocol, not your user interface.) |
|||||||||||
|
