Three passwords
Secure password resets
This proposal provides a secure way to change your password, even if you have lost one of them. This it does by letting every user, the next time they change their password, choose three, instead of just one new password. You can use each password to login, but if you want to change one of those passwords, you need the two other passwords to do so. This methods has these advantages:
- DemNet doesn't need your E-Mail, which is both for data protection, but also for security a good thing. See points 2 and 3.
- E-Mail Phishing is less likely. E-Mail Phishing, is when you are sent an E-Mail and asked to give your password. It will look like, the service you trust sent that E-Mail, but it is actually someone trying to steal your password and thereby your identity. This isn't really plausible here, because if you ever get such an E-Mail and are asked to give your Password for DemNet, you know that DemNet can't have sent that E-Mail, because it doesn't have your address.
- No trust in third party E-Mail Providers. In this network you don't just depend upon the security of your own account, but on the security of the accounts of everybody else, because otherwise someone could control elections. This is why we should use a method of password reset, that is entirely on the site. Because you may trust your own E-Mail Provider, but do you really trust every E-Mail provider of everybody else?
Technical Description
This proposal introduces a slow transition from one-password to three-password mode. You can still login/write and vote for at least a while. But if you need to change your password, you can only change it to three-password mode and every new user must automatically use three-password mode. I decided not to use a separate table for all those passwords, because I thought that simple JSON would be enough and fast over all. And it is less overhead this way. No extra requests to the database to check whether a Password of some form exists, instead just one request for the user row.