With the current situation of accounts being hacked and other poser accounts popping up, I decided to change my password for the better.
As I was changing my password to further secure my many many, truly, may accounts. I’ve come across one platform I used which offers true end-to-end encryption (E2EE).
First, what is E2EE?
End-to-end encryption (E2EE) is a method of secure communication that prevents third-parties from accessing data while it’s transferred from one end system or device to another.1
End-to-end encryption scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a sender’s device, sent to the recipient’s device in an unreadable format, then decoded for the recipient.2
Okay back to my story, the platform I am talking about is MEGA, the cloud storage service.
I inevitably forgot the password for my account in MEGA. In my hopes to just reset my password, I clicked the “forgot your password?” option.
Now, I went through the series on how to reset my password.
First they gave me an option to input a backup recovery key, given to me upon sign up.
However, I do not have the key.
Second, they gave an option to see if I still have my mega account open in my other devices, so that I can use that logged in account to reset my password.
However, no device of mine had the account logged in.
At the very last, they informed me that it is IMPOSSIBLE to reset my password. See screenshot below.
So they gave an option to PARK my account. As you can see from the screenshot above, parking my account would entail the deletion of the files in my account. In essence to restart my account from scratch.
Since this account did not contain actually any data, it is fine for me to park my account. But imagine having multiple precious data you stored online, which you can no longer access, because you forgot your password (a pretty common occurence).
But more than being mad, I actually applaud this method of MEGA. I actually liked this option, and it blew my mind that such service exists. Since, it is certain that no person would be able to access your account, except for those who actually know the password.
As a privacy professional, it gives me so much joy at the thought that a company cares for my privacy as much I care about it myself.
This is true end-to-end encryption. Since only the user has the encryption key, as claimed by MEGA. That is why, your password and back up recovery key is all the more important. Because, the user is the only one who would be able to access his/her account using this keys.
However, this privacy would entail a sort of responsibility on the part of the user. Since, forgetting the password, and losing the back-up key would mean that you’re completely locked out of your account. But, is that not but a small price to pay for actual privacy?
Another good point I noticed, is that after parking my account, I received an email regarding my back up key, prompting me to save it. Which, this time, I did. Lest be locked out of my account again.
Another security measure they applied, to make sure you remember your password, is before you log out of your account, a prompt would appear. Requesting you to try your password.
Privacy is all the more important in an ever increasing connected world. Now, I do not know about you but I prefer to use services that actually cares about my privacy. The paradigm is shifting, and for sure more and more service would shift to having privacy by design in their operations.
Now, that I know that these kind of service exist, I am more scrutinizing with the other accounts that I have. MEGA just raised the bar in terms of privacy best practices. True, this kind of system might not be for everyone, but this is clearly a step in the right direction for privacy.
This experience, MEGA just clarified to me what it is to have true E2EE.
You can learn more here on their website: https://mega.nz/about/privacy
*NOTE: This is not a sponsored post. All the opinions are but the humble opinions of the writer.