Great ideas here. The Kindle angle is fantastic.
The fact that the private keys are encrypted before sending to the server is of little value if a weak password is used. You or anyone in possession of the encrypted data could brute force the password, it would only be a matter of time.
Could you make your Javascript work with something like the
yubikey for the purpose of generating a strong password?
Thanks Matt.
I've given feedback to the user about the strength of their password. i.e. It gives an estimate of how long their particular password would take to brute force.
I'm not sure how 2 factor authentication would help except perhaps for logging into the system itself. But let me have a think about it.