Move password verification to the final step #1142
Conversation
|
I tested it. I like it. Concept ACK. |
|
Okay then, what do you think I should do? What about adding the "See password" button? |
|
That's a good idea, but I don't think we should mix it with this PR. |
| @@ -11,7 +11,14 @@ | |||
| <TextBlock Text="You can recover your wallet on any computer with:" FontWeight="Bold" /> | |||
| <TextBlock Text="- your mnemonic words AND" FontWeight="Bold" /> | |||
| <TextBlock Text="- your password" FontWeight="Bold" /> | |||
| <TextBlock Text="Unlike most other wallets if an attacker aquires your mnemonic words, it will not be able to hack your wallet without knowing your password. However, unlike other wallets, you will not be able to recover your wallet only with your mnemonic words if you lose your password." TextWrapping="Wrap" /> | |||
| <TextBlock Text="Unlike most other wallets if an attacker aquires your mnemonic words, it will not be able to hack your wallet without knowing your password. However, unlike other wallets, you will not be able to recover your wallet only with your mnemonic words if you lose your password. For that reason, verify the password is correct and back it up." TextWrapping="Wrap" /> | |||
There was a problem hiding this comment.
I should write something like this:
Backup your password too! Unlike most other wallets if an attacker acquires your mnemonic words, it will not be able to hack your wallet without knowing your password. Only with the mnemonic words you will not be able to recover your wallet! For that reason, verify the password is correct and back it up.
There was a problem hiding this comment.
Too long, don't read. This is true for the original text, too.
There was a problem hiding this comment.
Agree. What do we do with that text? Should I rollback to the original text?
There was a problem hiding this comment.
Not sure at this point, I will look at the new UX workflow after the functionality is working.
|
|
||
| try | ||
| { | ||
| encryptedSecret.GetSecret(Password + "trolo"); |
There was a problem hiding this comment.
yes. This PR was pushed for discussing the pros/cons of the idea with something real (with code) and to get feedback, i was never for merging. Anyway, if this is good then I will remove this failing trick.
…es/Check-Password-Recovery
lontivero
force-pushed
the
Features/Check-Password-Recovery
branch
from
4e56050
to
7a09bb2
Compare
|
Please make a mergable version, so I can review properly. |
|
The #1152 is better that this so, I am closing it. |
This is a proposal for discussion regarding #1128. The hypothesis here is that users simply forget the passwords because they believe that it is not really important and that they can always recover the wallet with the seed.
The fact that it is clearly stated that password is super important is irrelevant because studies are clear: people DO NOT read. So, in this case, after a user back up the seed he/she is required to reenter the password and check the password match and also make sure the encrypted secret can be recovered with path password (this is an absolutely paranoid checking but anyways)
The PR is for discussion and not for merging.