Improving security with manual approval code for each sign?

[diegogurpegui]

Is it worth it to have a manual approval each time you have to sign something? I'm thinking of a PIN or even a password.
The idea is that the private key is stored encrypted without the extension to know the encryption key. So each time you need to sign something you, the user, need to enter that encryption key. It could be in the form of a PIN or a password, which you have to enter every time.
If you have this activated, the saved authorizations (5m, 1h, etc) won't be available.

Does it make sense? is it too much?

[benalleng]

I think that the 5m, 1h, forever signing is a bit clunky alltogether IMO.
Thinking about some other extension workflows

1. choose a timeout to sign-in to the extension, like a lastpass/bitwarden where inside of that timeout you are not prompted to sign, all signing inisde that session has already been authorized.
2. Always require a PIN / prompt to sign, no options for setting a timeout
3. No password prompt, once you setup a nos-2x extension with private key and complete the initial setup there is no future signing requests

[diegogurpegui]

Feel free to contribute! Help is always welcome.

However I have to warn you that I'm (slowly I admit) working on the "multiple profiles" feature in this branch: https://github.com/diegogurpegui/nos2x-fox/tree/feature/7-multiple-profiles
This will probably imply code refactor in several parts. Specially because I'm still deciding how to design some stuff. So keep in mind that any change you make in the code might be hard to merge later on.

Having said that, and as I stated before, help is always welcome!

[proudmuslim-dev]

Option 1 seems best IMO

[diegogurpegui]

I think we need to differentiate on the "timeout" feature, because two types of timeouts were mentioned in this discussion and I don't think we've been clear enough.

• Authorization grace period: you can set a grace period for a specific domain during which the extension will sign whatever the domain asks (view pubkey, sign messages, etc.). This is mostly for ease of use.
  This is already there in the extension and you have multiple times to setup, including "forever" which is for domains you fully trust.
  This is what I mentioned in my original post.
• Extension lock: this is the ability to have the extension locked (and the private key encrypted meanwhile) and be able to unlock it by entering a password/PIN. As an additional sub-feature, the extension can be automatically locked after a certain period of inactivity.
  This is what, I believe, @benalleng was referring to as "Option 1" because that's what extensions like Bitwarden or other password managers do.

I think we can do "Extension lock" without issue and without invalidating "Authorization grace period".

[diegogurpegui]

A question that comes up in my mind now is: does the password/PIN unlocks the entire extension or just one profile?
I would say the entire extension, otherwise it would be too complex.

[proudmuslim-dev]

@diegogurpegui I agree, the entire extension makes more sense- I think that's what most people have in mind, everyone talks about support for a Master password