This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results shown that more than a decade and a half after "Why Johnny Can't Encrypt," modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.
The PDF of the study can be found here.
(Score: 0) by Anonymous Coward on Monday November 09 2015, @10:46AM
That would be a crappy implementation.
The passphrase basically acts as a key to encrypt the actual private key.
What storing the private key on a server of course means is that for anyone having access to the data on the server, the strength of the key is effectively reduced to the strength of the passphrase.