Let’s say it were possible to read your Google Chrome sync username and password straight out of the browser settings, unprotected and unencrypted; that the credential could not be changed once compromised; and that there were no additional barrier to adding new devices with it. Anyone here would criticize that without a second thought, and with good reason. Well, the Brave Sync Code currently works roughly like that.
While a bad actor getting access to your device is of course a very bad starting point, most important accounts and services add one or more layers of security that either slow down or block further compromise of your accounts and data (e.g. security prompts before major actions such as adding new devices, changing passwords or deleting accounts), and in some cases go further still (e.g. remote erasure of data).
Thus there are key points Brave sync should cover. These security measures should be optional, but be recommended to users. In order of priority:
- Layer of security before bad actors can access the sync code (e.g. password, PIN, biometry)
- Layer of security after the sync code has been compromised, but prior to synced data going to bad actor’s device (e.g. enable 2FA methods, be able to block/regenerate the sync code)
- Layer of security after the sync code has been compromised, after synced data going to bad actor’s device (e.g. remotely erase synced data from device X on the chain, sever that connection, block/regenerate sync code)