Some Major Suggestions For IceDrive <3

Hey Icedrive,

Hope You All Doing Well On New Update,

  1. If Possible Please Introduce a feature like Active Sessions in Facebook, Instagram, So That In Case if we forgot to logout our account from public computer or any family devices so we can manually logout them by active sessions.

  2. A Temporary Pin Lock System which can we enable from app settings in portable app if we close portable app without sign out then every time if we open portable app we need to enter code for access our portable app.

  3. Allow Multiple Options In 2 Factor Authentication if sometimes in case if we donā€™t get OTP on sms we can login to our account by second option.

  4. Backup Codes Option - if in case we are unable to access any of two factor authentication we can use backup codes to get access of account.

  5. Please try to implement Encrypted Thumbnail view and encrypted video player in android app also to access encrypted media directly without downloading them specially videos.

  6. Icedrive I noticed slow downloading speed even i have super fast wifi connection.

  7. and major thing is that whenever i try to open a particular file in encrypted media it takes a lot of time to open that file even file size is not too much and i noticed when i open any file in encrypted media for example if there is a pic size of 5mb and when i open it in android app it consumes more data then 5mb means a lot of data sometimes it looks like that icedrive try to load all files in that encrypted sub folder then it open that particular file.

Hope I Told For Genuine things and it will help you to make icedrive more familiar with users,BTW I am Loving IceDrive Too Much <3

5 Likes

Hey @TheMartius thanks for the feedback, Iā€™ll forward this onto our dev team.

1 Like

About points 3 and 4 re: 2FA

AGREED. I just activated Icedrive 2FA for Google Authenticator and imagine my raised eyebrow when I wasnā€™t given some recovery codes to squirrel away safely like I was with every other service Iā€™m using it for.

Deactivated it again for now. Because what happens if I lose my current phone, or it gets broken or something? No account access recovery for me. Nope.

And is there a technical reason why the other 2FA options like SMS disappeared once I activated the Authenticator method? Please set me right if Iā€™m missing something. And again, what if that phone is taken out of operation? Itā€™s definitely going to happen to somebody, so what do they do in that case?

I very much want to use your 2FA, but I canā€™t until thereā€™s a disaster recovery solution for them, especially for Authenticator.

Still love my Icedrive though, not ranting.

JD

2 Likes

@JD_Actual Greetings :smiley: Words of wisdom when it comes to Authenticator apps.

When you initially set up your authentication take a note of your ā€˜SEED CODEā€™ This is a code that is generated & look something like this ( fdE^&23PPL22) which you can easily copy into a note file and back-up independently. This can be transferred to another Authenticator app should your current device not be usable.

Google authenticator is not the only authenticator app around, thereā€™s better :wink: Take a look@ Bitwarden you wonā€™t be disappointed :smiley:

Hope this helps :facepunch:t5:

As for the team@IceDrive keep up the good work :pray:t5: :smiley:

3 Likes

Hi @Binary0s1s I see you mention Bitwarden. I currently use Authy purely because itā€™s cloud backed up in case I lose my device. Has Bitwarden got similar as I do like the sound of what they offer.

Good afternoon @DriveMan1 :smiley: I use Bitwarden as itā€™s open source :wink: Your back-ups are encrypted in whatever cloud service or even your own on-premise set-up you choose and more importantly you are not tied in to any one ecosystem :blush:

Your data is yours, I used ā€˜Authyā€™ many many years ago but found out that I did not allow me access to my ā€˜seed codesā€™ :thinking: Which was a no-no for me. Not sure if that changed now, but eitherway I would never go back to them :grin:

At the end of the day whatever authenticator app you use it should allow you to access your ā€˜seed codesā€™ and more importantly allow you to export them in an encrypted format for you to back-up independently.

Hope this helps :facepunch:t5:

1 Like

@DriveMan1 if it helps check out Krypton Authenticator I use this in conjunction with Bitwarden and in my opinion you cannot go wrong with this combination when it comes to your password and your 2FA :smiley: https://krypt.co/

In addition to this list, when will Icedrive support casting photoā€™s and videoā€™s to chromecast?

This is absolutely fantastic information @Binary0s1s thank you for taking the time to explain. Iā€™ll take a look at both suggestions, appreciated

1 Like

Okay guys. You just blasted past this grandma with Seed Codes. So far Iā€™m only using Icedrive for photos I scanned from slides. No 2FA yet; too busy. Nothing in the encrypted area. Suggestions for changing things up here? If so, why, and how do I get there? Ainā€™t fun losing brain function; not easy to keep up. :roll_eyes: Tnx!

Hey @sailaway if thereā€™s any part of our service that youā€™re unsure about please feel free to send us a support ticket via Login - Icedrive or get in touch via our live chat service and a member of our team will be able to assist you.

Tnx, Chris. Iā€™ll take you up on that after I research enough to know what questions to ask. I always try to figure things out myself first, but truly appreciate help when I get stymied. Will probably be in touch in a bit. Tnx, again! :upside_down_face:

Hi sailaway,

Seed codes may be a reference to the secret key used by TOTP authentication, or to a generation or recovery code used by certain password managers. Iā€™ll talk about the former in this post. Hope it helps!

Simple version: the details mentioned in the technical version below (the secret key plus a few other things) can be encoded into a QR Code picture so that all you have to do is scan the picture with an app on your device, and then at any time after that your app can show you a short temporary password you use to log in.

Technical version: TOTP (short for ā€œTime-based One-Time Passwordā€) is a type of authentication. It relies on knowing a Shared Secret Key (typically a 16 character alphanumeric string or longer), a hash function (typically SHA1), the output length (typically 6 digits) and a period (typically 30 seconds). These details together with the current time can be used to calculate a time-based password that is good for only that period of time.

As a part of 2FA this usually means: you enter your account username and your account password (something you know - as in it can be kept in your head), and then the time-based password (something you have - e.g. it can be generated by an app in your phone).

The pros:

  1. Once youā€™ve entered the secret key, your app calculates the password whenever you need it.
  2. Each time-based password is typically a six digit number, which is easy to type in.
  3. If someone peeks over your shoulder, the time-based password expires very quickly.

The cons:

  1. If you donā€™t have your phone (or whatever is used), you canā€™t get your time-based password.
  2. If you lose your phone, you need to go through the setup process all over again.
  3. If someone else gets your phone and you didnā€™t lock it, they can get the time-based passwords (and maybe the keys too).

Some security tips:

  1. If you have too many passwords/keys to remember, instead of writing them in plain text in a notebook (which can be lost or stolen) consider using a secure password manager that encrypts its data so you only need to memorise a single (long) master password instead.
  2. Since a device breaking down or being lost is something that can happen to anyone, make sure that the device (or at least the most important files on it) is being regularly backed up.
  3. If you use a master password and decide you need to write it down in case you forget it, consider whether to keep the written copy in a separate secure location to your device backups (if applicable).
  4. Consider whether you need one or more trusted persons to know where your backups/copies are kept, in the event of something happening to you.

2, 3 and 4 can also be summed up as ā€œIf I had to flee from my burning house and lost my phone and computer, would I have a backup somewhere else?ā€ and ā€œIf I hit my head and forgot my master password, would I be able to get it back from someone or somewhere?ā€

Hey Shaneā€¦Tnx!

I do use 2FA on certain sites; codes texted to my phone or sent to email, depending on what they allow. I got caught on the ā€œseed codesā€, but your description helps my understanding. Thank you for taking the time!

My daughter is in IT and got me started several years ago with a password manager. I create up to 20+ {alpha-numeric & symbol} passwords individually for each site. I have an external backup drive. I have a reputable virus package on all my devices and have locked down my devices to the best of my ability, and even then, have had my identity stolen from hackings of outside entities. I donā€™t post photos anywhere online. I donā€™t use anything Google if I can help it, and my email is out of Switzerland and encrypted. Computers are a bit of a love/hate relationship that Iā€™ve had for 40 years. :laughing:

I also have a ā€œgo bagā€. And nobody looks over my shoulder except my husband, and he doesnā€™t understand anything about computers, and doesnā€™t want to.

When something new shows up that I donā€™t understand, I try to figure it out, but you have made it very easy for me, so thank you, again. You have given me a few ideas for further safety issues. :sweat_smile: Iā€™ll need to stay alive for a few more years to get this done. :smiling_imp: Have a good one!

2 Likes

Hi Chris,

Iā€™d like to second points 3 and 4 above.

  1. At the time of this writing, Icedrive community 2FA allows multiple options: authenticator apps, more than one hardware keys, and 2FA recovery codes. Icedrive cloud 2FA should offer the same.

When only one 2FA method (out of several) and only one hardware key is allowed, the hardware method should not be used since thereā€™s no backup in case of loss. At least, with the authenticator app method when only one method is allowed, the ā€œseedsā€ can be saved for recovery later in case the mobile device with the authenticator app is lost.

  1. A pin/passcode lock on the iOS app would make it safer.

Thank you, Chris. And, to the Icedrive team, keep up the good work!

LT2.

Hi Binary0s1s,

I like Bitwarden for many things including its allowing access to TOTP seed codes. But putting passwords and 2FA codes in the same place might be a bit unsafe for me (think LastPass.) If someone likes to use only Bitwarden as a password manager, using a separate free Bitwarden account only for its TOTP might be safer, or any authenticator app available but save your encrypted seed codes somewhere safe for recovery later.

LT2.

1 Like

@LT2, Welcome! Having my passwords & 2FA together within the BitWarden app works nicely especially when used in conjunction with the Bitwarden secure browser plugin, it makes life so much easier and secure when logging into my vast accounts :slight_smile: . I self-host my BitWarden account like most of my accounts which makes scenarios like LastPass breaches etc none existent in my world lol! As for my ā€˜2FA Seed Codes?ā€™ You have to go on a National Treasure hunt to find them hahaha!
Appreciate your feedback, thanks again and have a great day.

B1nary.