Usage of Secret Keys

October 22, 2010

Starting toward the end of the version 2 development a function was added to allow an end-user to utilize "Secret" keys in lieu of a password for some functions. These keys shall be limited in function to non-critcal access and read-only or "write-only" implementations where it is possible to track each transaction with the Interface.

  • Keys are designed to be used where a password is unsafe or impractical
  • Keys are not a replacement for strong passwords
  • The user shall have access to roll the key to a new randomly generated key
  • Under no circumstances should a key-access session be allowed to roll the secret key
  • The key may not ever be set by the user