Usernamesīefore you create your account, give your username some thought. If there are any changes to your devices or proofs-indicating that your account has possibly been hacked-your followers are notified before they interact with you. Your contacts don’t have to trust that you’re you on Keybase just because you say you are they can see for themselves.Īnyone can check your proofs Keybase regularly does as well. And, as the name “proof” implies, these actions are also provable. Adding proofs and following are both public actions. But you further confirm who you are with proofs, which link your Keybase account to your other online accounts.įollowing provides a public record that also confirms that you are who you say you are. You do create a username to help let others know that an account belongs to you. So long as only you have access to your devices, only you can access your Keybase account. Your account can only be accessed through your devices. Your Keybase account is trustworthy and secure because-instead of being protected by just a password-it’s cryptographically linked to your devices. In best-case scenarios, you can use two-factor authentication for more security but it’s still not perfect. They’re not totally trustworthy and secure. And your password theoretically allows only you to access it.īut with just a username and password, accounts can be hacked, phished, and otherwise compromised. Your username theoretically lets others know that an account belongs to you. Lots of apps only require a username and password to create and protect an account. Devices, proofs, and following help make your Keybase account trustworthy and secure. No phishing, spoofing, or scamming around here. The gist is that, thanks to public-key cryptography your contacts can be sure your Keybase account belongs to you and that only you can access it. You can learn more about how public-key cryptography works in Security. All of these actions are backed by public-key cryptography. You further protect your account with proofs and following. When you create your Keybase account, it’s linked to your devices. Your Keybase account and everything you store or share through it in Chat, Files, Teams, Sites, Wallet, and Git are all protected with encryption. Your username, devices, proofs, and followers are visible on your Keybase profile. Installing Keybase on your computer or device, adding more devices and paper keys, adding proofs, and following all make your Keybase account more trustworthy and secure. I am entirely unsure of the tags to apply to this task, whether it is in scope (sorry Aklapper!) and who would even be interested in committing the time and resources to making it happen.Your Keybase account is secured by public-key cryptography. )īut this evidently would need to be under the control of WMF. This tool exposes the required API endpoints for Keybase (e.g.A user visits a toolforge-hosted application and 'links' their Wikimedia account via OAuth (e.g.I'm logging this because although a toolforge tool could do this fairly easily, the config stipulates that for a account to be proven, the prefill_url / check_url needs to be on the same (sub)domain (i.e. Going by, the integration steps involve "implementing some product features, a couple API endpoints, and then talking to us." - we all know its never this simple, but Keybase's django example proof integration could be modified and run on toolforge, instead of any changes being considered in MediaWiki. What do we need, and why am I logging this? In fact, a GitHub task has existed since 2014 ( ), with a significant amount of interest shown over the years (with one comment by our resident should be noted that all of these methods (committed identities, PGP keys, Keybase) are not guarantees that a sysadmin will reset the 2FA of an account - as far as I'm aware, it is done at their discretion only Keybase is easier to set up than a committed identity) and is a service a number of Wikimedians (probably) use. We have a number of methods of proving ownership of a Wikimedia account (namely via " Committed identities" and public key signed messages) - these have been useful for when two-factor authentication has failed (and/or scratch codes forgotten).Īdding Keybase as another potential method of proving ownership lowers the technical boundary (i.e. Keybase is a key directory that maps social media identities to encryption keys in a publicly auditable manner - for example, I am, and I have cryptographic proofs which validate control over the accounts listed there.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |