
Comments (9)

lukasdll avatar lukasdll commented on September 23, 2024 3

In Wasabi, the password is in fact the 13th seed word. If you recover your wallet without it, you will see no funds.

It should be better explained during the wallet creation process.

from walletwasabi.

lukasdll avatar lukasdll commented on September 23, 2024 2

The idea is good but also kinda controversial. We allow users to leave the password blank, but don't allow them to use a password they want if it can be found in the database. I think if this thing would be implemented, some users would try their password once, maybe twice, then if we don't allow it, they'd rather leave it blank.

Not to mention we don't have a "Don't remember your password?" feature for them to reset their password if they forgot it, because it's simply not possible. More complicated passwords lead to more users who forgot it.

Isn't the main reason why people forget the passphrase that it is presented in a similar manner as the typical "pin code" to protect the wallet, and not as a 13th word, or a "hidden sub-wallet"? I was myself confused for quite some time.

By improving the UI, users might understand better, and it would then be their choice (and responsibility) to store the passphrase in an appropriate manner.

Some ideas:

A.- 13th word: As shown on the issue images, the field to add the passphrase could appear following the 12 words seed, with the number "13" prepended to it, and a more explicit information indicating that it is the 13th word of the seed phrase.

B.- Instead of asking the user to enter a passphrase during the wallet creation flow, add a view at the end of that flow asking the user if he wants to create a "Hidden wallet" instead, with a "yes/no", then a more explicit mention, saying that the "key" to the hidden wallet has to be secured with the same standards as a seed (but ideally in a different location), and that losing it means losing control over the wallet (in the same manner as losing the seed), after acknowledging that by clicking next - and eventually ticking a checkbox, another view appears allowing to enter the 13th word / passphrase.

from walletwasabi.

Szpoti avatar Szpoti commented on September 23, 2024 1

The idea is good but also kinda controversial.
We allow users to leave the password blank, but don't allow them to use a password they want if it can be found in the database.
I think if this thing would be implemented, some users would try their password once, maybe twice, then if we don't allow it, they'd rather leave it blank.

Not to mention we don't have a "Don't remember your password?" feature for them to reset their password if they forgot it, because it's simply not possible. More complicated passwords lead to more users who forgot it.

from walletwasabi.

lukasdll avatar lukasdll commented on September 23, 2024

In case of forgotten password, couldn't the user reset the wallet and re-enter the seed phrase to reset it? Re-entering the seed could be the "recovery" process initiated clicking on a "forgot your password?". I really like the SHA-1 prefix idea, elegant manner to verify the password without compromising it.

from walletwasabi.

kristapsk avatar kristapsk commented on September 23, 2024

and disallow setting that

Not sure about that, a warning with big red letters that this is a bad password could be enough IMO.

We allow users to leave the password blank, but don't allow them to use a password they want if it can be found in the database.

There is a difference - with no password we could assume the user understands there is no security, not so with a weak password.

from walletwasabi.

kristapsk avatar kristapsk commented on September 23, 2024

I really like the SHA-1 prefix idea, elegant manner to verify the password without compromising it.

I think it's elegant enough that I don't see the need for filters or anything, could just query api.pwnedpasswords.com (or some Wasabi proxy in front).

from walletwasabi.
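
The SHA-1 prefix check discussed in the comments above, as an added example (not code from Wasabi or from any commenter): the client hashes the password locally, sends only the first five hex characters of the digest to the range endpoint, and compares the returned suffixes itself. The `fetch` parameter, the User-Agent string, and the constructed stand-in service with its made-up counts are assumptions of this sketch; a proxy would be swapped in through `fetch`.

```python
import hashlib
import urllib.request

PREFIX_LEN = 5  # only these leading hex chars of the SHA-1 ever leave the client


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range(prefix):
    """Live lookup against the range endpoint (not called by the offline demo)."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "pwned-prefix-example"},  # arbitrary value
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def breach_count(password, fetch=fetch_range):
    """Return how often the password appears in the data set, 0 if absent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    # The response is one "SUFFIX:COUNT" line per known hash in this bucket;
    # the match is decided locally, so the service never sees the full hash.
    for line in fetch(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


# --- constructed stand-in for the service, so the example runs offline ---
CONSTRUCTED_BREACHED = {"password": 1000, "letmein": 50}  # counts are made up
SEEN_PREFIXES = []  # everything the "server" was able to observe


def constructed_fetch(prefix):
    SEEN_PREFIXES.append(prefix)
    lines = [
        sha1_hex(p)[PREFIX_LEN:] + ":" + str(n)
        for p, n in CONSTRUCTED_BREACHED.items()
        if sha1_hex(p).startswith(prefix)
    ]
    lines.append("0" * 35 + ":3")  # unrelated hash sharing the same bucket
    return "\r\n".join(lines)
```

Whether a non-zero count blocks the password or only triggers a warning is the policy question debated in this thread; the function returns the count and leaves that decision to the caller.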

lukasdll avatar lukasdll commented on September 23, 2024

I think it's elegant enough that I don't see the need for filters or anything, could just query api.pwnedpasswords.com (or some Wasabi proxy in front).

Agreed. There are a few reasons why it is probably better to use a third-party data provider. HIBP or similar, with or without proxy.

from walletwasabi.

turbolay avatar turbolay commented on September 23, 2024

In case of forgotten password, couldn't the user reset the wallet and re-enter the seed phrase to reset it? Re-entering the seed could be the "recovery" process initiated clicking on a "forgot your password?".

In Wasabi, the password is in fact the 13th seed word. If you recover your wallet without it, you will see no funds.

from walletwasabi.

nopara73 avatar nopara73 commented on September 23, 2024

I think Occam's razor would dictate the main reason people forget passwords is because they are people :)

from walletwasabi.
