Comments (9)
In Wasabi, the password is in fact the 13th seed word. If you recover your wallet without it, you will see no funds.
It should be better explained during the wallet creation process.
from walletwasabi.
The idea is good but also kinda controversial. We allow users to leave the password blank, but don't allow them to use a password they want if it can be found in the database. I think if this thing would be implemented, some users would try their password once, maybe twice, then if we don't allow it, they'd rather leave it blank.
Not to mention we don't have a "Don't remember your password?" feature for them to reset their password if they forgot it, because it's simply not possible. More complicated passwords lead to more users who forgot it.
Isn't the main reason why people forget the passphrase that it is presented in a similar manner as the typical "pin code" to protect the wallet, and not as a 13th word, or a "hidden sub-wallet"? I was myself confused for quite some time.
By improving the UI, users might understand better, and it would then be their choice (and responsibility) to store the passphrase in an appropriate manner.
Some ideas:
A.- 13th word: As shown on the issue images, the field to add the passphrase could appear following the 12 words seed, with the number "13" prepended to it, and a more explicit information indicating that it is the 13th word of the seed phrase.
B.- Instead of asking the user to enter a passphrase during the wallet creation flow, add a view at the end of that flow asking the user if he wants to create a "Hidden wallet" instead, with a "yes/no", then a more explicit mention, saying that the "key" to the hidden wallet has to be secured with the same standards as a seed (but ideally in a different location), and that losing it means losing control over the wallet (in the same manner as losing the seed), after acknowledging that by clicking next - and eventually ticking a checkbox, another view appears allowing to enter the 13th word / passphrase.
from walletwasabi.
The idea is good but also kinda controversial.
We allow users to leave the password blank, but don't allow them to use a password they want if it can be found in the database.
I think if this thing would be implemented, some users would try their password once, maybe twice, then if we don't allow it, they'd rather leave it blank.
Not to mention we don't have a "Don't remember your password?" feature for them to reset their password if they forgot it, because it's simply not possible. More complicated passwords lead to more users who forgot it.
from walletwasabi.
In case of a forgotten password, couldn't the user reset the wallet and re-enter the seed phrase to reset it? Re-entering the seed could be the "recovery" process initiated by clicking on a "forgot your password?". I really like the SHA-1 prefix idea, an elegant manner to verify the password without compromising it.
from walletwasabi.
and disallow setting that
Not sure about that, a warning with big red letters that this is a bad password could be enough IMO.
We allow users to leave the password blank, but don't allow them to use a password they want if it can be found in the database.
There is a difference - with no password we could assume the user understands there is no security, not so with a weak password.
from walletwasabi.
I really like the SHA-1 prefix idea, an elegant manner to verify the password without compromising it.
I think it's elegant enough that I don't see the need for filters or anything, could just query api.pwnedpasswords.com (or some Wasabi proxy in front).
from walletwasabi.
I think it's elegant enough that I don't see the need for filters or anything, could just query api.pwnedpasswords.com (or some Wasabi proxy in front).
Agreed. There are a few reasons why it is probably better to use a third-party data provider. HIBP or similar, with or without proxy.
from walletwasabi.
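The SHA-1 prefix check discussed in the comments above, shown as an added example that is not part of the thread or of Wasabi's code. It runs offline: `fake_range_endpoint` is a hypothetical stand-in for the range service over a constructed corpus, all function names are illustrative, and returning "unknown" when the lookup fails is an assumed policy.

```python
import hashlib

# Constructed stand-in for the breach corpus behind the range service: password -> times seen.
CONSTRUCTED_CORPUS = {"password": 1000, "123456": 2000, "letmein": 50}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_endpoint(prefix: str) -> str:
    """Simulated server side: it only ever sees 5 hex characters of the hash."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")  # 35-char suffix and count
    lines.append("0" * 35 + ":0")  # constructed padding entry; count 0 means "not a hit"
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=fake_range_endpoint) -> int:
    """Client side: hash locally, send the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    body = fetch_range(prefix)  # the password and the full hash never leave the client
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def advise(password: str, fetch_range=fake_range_endpoint) -> str:
    """Map the lookup to a UI decision: 'blank', 'breached', 'ok' or 'unknown'."""
    if password == "":
        return "blank"  # the thread notes a blank password is allowed
    try:
        seen = breach_count(password, fetch_range)
    except OSError:
        return "unknown"  # assumption: a failed lookup must not block wallet creation
    return "breached" if seen > 0 else "ok"


if __name__ == "__main__":
    for candidate in ("", "password", "a long constructed passphrase 7Q"):
        print(repr(candidate), "->", advise(candidate))
```

Whether "breached" leads to a red warning or a refusal is the choice debated in the comments; the lookup itself is the same either way.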
In case of a forgotten password, couldn't the user reset the wallet and re-enter the seed phrase to reset it? Re-entering the seed could be the "recovery" process initiated by clicking on a "forgot your password?".
In Wasabi, the password is in fact the 13th seed word. If you recover your wallet without it, you will see no funds.
from walletwasabi.
I think Occam's razor would dictate the main reason people forget passwords is because they are people :)
from walletwasabi.