doc: fix typo

King Kévin 2024-04-18 02:47:33 +02:00
parent 5adb4421ef
commit 47528d2b7e
1 changed files with 22 additions and 18 deletions


@ -4,28 +4,28 @@ purpose
=======
passkey is a USB dongle to paste credentials.
It appears a serial port to enter the credentials, and HID keyboard to paste them.
It appears as a serial port to enter the credentials, and HID keyboard to paste them.
Usage:
- insert the passkey dongle in the USB port, buttons facing up
- insert the passkey dongle in the USB port, with "passkey" text facing up
- it will appear as serial port to enter the credentials, and HID keyboard to paste them
- the red light will blink, indicating it no credentials have been entered yet
- connect to it using your favorite serial terminal (e.g. [putty](https://putty.org/) or [picocom](https://github.com/npat-efault/picocom)) using any baud rate
- the red light will blink, indicating no credentials have been entered yet
- connect to it using your favourite serial terminal (e.g. [putty](https://putty.org/) or [picocom](https://github.com/npat-efault/picocom)) using any baud rate
- press 'c' to enter your credentials to paste (username and password)
- the light will remain on
- press one button of the dongle for it to just paste the password
- press the other button to paste the username and password (tab separated)
You can configure it over the serial terminal:
You can configure passkey over the serial terminal:
- press 'h' to list all available options
- press 'b' to swap the button, changing which is for the password or username and password
- press 'l' to set using keyboard layout should be used: use the same are configured in your OS, else the pasted credentials might not be exactly the ones you entered
- press 'b' to swap the buttons, changing which is for the password or username and password
- press 'l' to set which keyboard layout should be used: use the same are configured in your OS, else some letter in the pasted credentials might be different
- by default the credentials will be cleared 12 hours after they have been entered. Press 'g' to change this time, up to 12 hours
- by default the credentials will be cleared 3 hours after the last time they have been pasted. Press 'r' to change this time, up to 3 hours
- press 'a' to authenticate the device. Enter a random word, and it will provide a corresponding result. Copy the provided text to the [homepage](https://passkey.cuvoodoo.info/). If the response is the same, the device is running the original firmware.
- press 'k' to enter your own key, which you need to remember. You can then authenticate the device locally (without using the homepage), using any SHA256 calculator.
- press 'a' to authenticate the device. Enter a random word, and it will provide an URL and a corresponding result. Click on the link, and if the response is the same, the device is running the original firmware.
- press 'k' to enter your own key, which you need to remember. You can then authenticate the device locally (without using the link), using any SHA256 calculator.
security
========
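Review bot: In the rewritten 'a' bullet, the text no longer names the site the result must be checked against: the old line pointed to the homepage https://passkey.cuvoodoo.info/, while the new one only says "Click on the link". Because the link is produced by the very device whose firmware is being verified, the README should still state the expected host so the reader can compare it before trusting the response; the same applies to "(without using the link)" in the 'k' bullet. Two wording slips also survive in the new lines: "use the same are configured in your OS" in the 'l' bullet (suggest "use the same one as configured in your OS") and "an URL" (suggest "a URL"). These content changes, together with the switch from "buttons facing up" to the "passkey" text facing up, go beyond what the "fix typo" subject describes and deserve a mention in the commit message.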
@ -43,36 +43,40 @@ You can clear the credentials by:
- unplugging the dongle
- pressing both buttons at the same time
- pressing 4 times CapsLock within 2 seconds on your keyboard
- pressing 4 times NumLock within 2 seconds on your keyboard
- pressing 4 times CapsLock or NumLock within 2 seconds on your keyboard
The credentials will be cleared up to 12 hours after they have been entered.
The credentials will be cleared up to 3 hours after the last time they have been pasted.
This decreases the risk of having them leaked if the device is left unattended for too long.
This decreases the risk of having them leaked if the dongle is left unattended for too long.
These timeouts can be configured over the serial port.
The dongle is locked after been programmed.
The dongle can be locked after been programmed.
This prevents from:
- using the SWD interface to attach a debugger on the test point and dump the credentials from the running system
- using the SWD interface to attach a debugger on the test points and dump the credentials from the running system
- using the bootloader to flash a new malicious firmware (e.g. that could store the credentials on non-volatile memory and reveal them later)
- mass erase the device, to re-enable debugging and flashing
The flash memory is also write protected.
Only the last 4 kB of flash are re-writable, as the are used to store the configuration set over serial.
The makes it very hard from exploiting the runtime firmware and overwrite.
The flash memory can also write protected.
Only the last 4 kB of flash are re-writable, as they are used to store the configuration set over serial.
This makes it very hard from exploiting the runtime firmware and overwriting it.
To verify if the firmware is original, use the authentication menu.
If you get the passkey from CuVoodoo, you will also has received it's ID per email.
This ID should the prefix of the authentication token.
Each device has been programmed with an individual key before being locked.
Matching the result with the website ensures the key is the same.
To avoid using the website, you can set a user key, and perform the authentication locally using any SHA256 calculator.
risks
-----
The [STM32F042F6P](https://www.st.com/en/microcontrollers-microprocessors/stm32f042f6.html) micro-controller does not have security certifications.
If the device locking mechanism can be circumvented (e.g. using fault injection), a malicious firmware could be installed.
Because of that, it is not recommended to leave the dongle unattended.
It has a hole to pass a string through and attach it to a key-chain you keep with you.
This string also allows to easily unplug the device from the computer.
It is also recommend to draw on the back of the device, so it becomes unique and hard to tamper with unnoticed.
It is also recommended to draw on the back of the device, so it becomes unique and hard to tamper with unnoticed.
firmware
========
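Review bot: Changing "The dongle is locked after been programmed" to "can be locked" and "is also write protected" to "can also write protected" turns two guarantees into options, yet the "This prevents from:" list and the added sentence "Each device has been programmed with an individual key before being locked" still read as if locking always applies. Please state when a dongle is actually locked and write protected, and how a user can tell, because the SWD, bootloader and mass-erase protections listed here depend on it. The new lines also need another pass: "can also write protected" is missing "be", "after been programmed" should be "after being programmed", "very hard from exploiting" should be "very hard to exploit", and the added paragraph has "you will also has received it's ID" and "This ID should the prefix".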