Pin code over password for some functions?



  • Okay don’t shoot me down I am just asking and maybe suggesting some improvements to the user experience. I get to send coins out of your wallet you should need to enter your password I get that but is there a reason I have to enter my password to swap coins from anon to public balances within my own wallet? I think if we had something like a 6 digit pin instead of a password it would be much more user friendly! as my password is stupid bloody long.

    would there be any way to have an option where just like you select “unlock for staking” and then your wallet is unlocked for staking have an option where you could select to use your pin over the password for most things excluding actually sending coins out of the wallet?

    so for things like.

    paying a listing fee when publishing a item
    converting coins from public to private or vice versa
    and other things that will probably pop into my head latter on. I think having a 6 digit PIN you could select to use over password for some options would be far more user friendly.

    In my head it would work like this ideally.

    1. like staking you would click the padlock
    2. select activate PIN (Or something like that)
    3. enter your password
    4. select time frame to Activate PIN
    5. once time frame was up it would auto lock and you would need to reenter Password to do anything.

    Not really great at putting my ideas into words so hope you understand what I am trying to say/suggest.



  • @dadon
    Hey,
    first of all: no worries about being shot down in here!

    The reason you have to enter your password when converting balances is this:
    By doing so, you are spending coins just as if you were sending them to any other address, hence the incurring transaction fees. Spending coins always requires to unlock the wallet for security reasons.
    This is how Bitcoin wallets work and since Particl adapts to the Bitcoin codebase, this is how Particl wallets work.

    Workaround:
    There is a function to unlock your wallet for a specified amount of time. I think in Particl Desktop this possible now even without the debug console.
    So you could set it for an hour if you know you are doing stuff for a while.

    Your idea:
    Technically it should be possible. Have people enter a pincode that in turn will use the passphrase to unlock your wallet.
    In this case you would need to store the original passphrase on your machine in some form however, which would reduce security.

    So it’s a trade-off between ease-of-use and security.
    It would certainly be cool if users could choose this for themselves with Particl Desktop.

    Do you know the waves blockchain? Their desktop app (wallet and integrated DEX) works just like this: you enter a password once at startup and then it’s all unlocked until you close the app.
    So, principles regarding security aside, I don’t see a reason why we can’t have this for Particl Desktop.

    Propose it!



  • what confuses me about the converting balances is there is nowhere to enter address so is it even possible for this to be used as method for a hacker to steal coins if there was no password required?



  • If there’s an attacker that can access your wallet but doesn’t have the private key or wallet password to do anything but convert between private/blind/anon?

    That’s a good question. Want to ask that in support on Discord?

    At least the attacker could convert back and forth a lot and make you poorer through transaction fees…



  • hahah good point boring attacker though the fee is so small it would take a long time I think they would get bored 😆



  • But yeah I am not suggesting no password at all for things like converting balances and other things like paying listing fee but something a bit simpler like a PIN. if hacker can’t get your Password I doubt he will be able to get your pin either. but if you have long password and complicated like you should it makes the whole process a pain in the ass the PIN would be so much better.



  • A PIN for intra-wallet transactions. Why not.
    Sounds reasonable to me.



  • Awesome! first step towards making it a reality is getting someone to agree with you it’s a good idea so Amen to that 🙂



  • Hey dadon, I see your point.
    It’s definitely a balance between convinience and security. From my understanding there can’t be made a distinction between sending coins out to a third party or to convert them to one of your own blind or anon addresses. For sending them out from your initial public address you need to sign them with the corresponding private key, nevertheless whether its a small or large amount or whether its related to a conversion or a conventional transaction.

    Your private key is stored in the wallet.dat-file on your PC and therefore its crucial to protect them from being accessible to a potential hacker. That’s why wallet.dat is secured by your password and that’s why you always have to enter this when you need to send any coins. I don’t know how the desktop app handles this, but by unlocking your desktop wallet for a certain amount of time, your wallet.dat or your private key seems to be easier accessible and thus makes the whole “security measures” more vulnerable to attackers. I’m not sure whether it would help to put another security layer on top of it (e.g. PIN, photoTAN, 2FA, …) when the principal underlaying basic security measure (private key in wallet.dat) is already attackable.



  • well is it possible to. just like we can activate staking by entering our password and selecting unlock for staking or selecting the unlock wallet and setting a time frame before autolock, have an the option to select use PIN. (6-8 digits)

    So in my head the ideal user experience/process would be (for me at least) and why I would love a option to use a PIN).

    1. I open my wallet (wallet is locked)

    2. I press padlock icon and select “Unlock for PIN” (or however it would be phrased) and enter my main/regular password

    3. set a time limit the wallet is unlocked for PIN use(when this is up your wallet will automatically lock back to requiring your main password for all functions so you don’t leave it on and forget) (time limit of 60-120 minutes max for extra security)

    4. Now using this PIN I would be able to convert coins, send coins, accept bids place orders everything that would normally require me to use my main password. But excluding some functions like unlock wallet/turn on staking/change password or anything like that.

    Is something like this possible and can you see where I am coming from with this… say you have a long complicated Password 50+ digits by using this 6-8 digit pin you can do everything you normally do that requires a lot of password entering with a lot more ease of use… but you need main password to turn it on initially so it’s not easily abused so hackers can’t get your wallet.data and just try to crack the pin they would need the main password to turn it on and once you were done even if you got up and walked away from computer and forgot about it. it would auto lock it turning off pin access. this seems to me it would be fairly safe… no less safe then current Password protection but far more user friendly for people like me who use long passwords which I think most probably do (Should).



  • @dadon
    I agree, your proposal would be more userfriendly, but most important is the security of the private key. I don’t know how the desktop app is getting access to the private key. When having the wallet.dat unlocked for a longer period of time, the user should be aware of that and not relying on the security of a PIN while underneath the wallet.dat-file might be still easily accessible. If ease of use is needed, I would just unlock the whole desktop app for a longer period of time, then neither password nor PIN would be to enter.
    If there’s a way to store the private key in a secure manner inside the desktop app, I would rather use 2FA or a photoTAN to release each new transaction. This will give additional security over a PIN and is also a little bit more userfriendly than entering a long password.
    However, I personally would prefer to integrate hardware wallet support also into the desktop app. I think this should be a midterm project goal as well, because this would give the possibility to sign transactions just by pushing a button on the hardware device.



  • “If ease of use is needed, I would just unlock the whole desktop app for a longer period of time, then neither password nor PIN would be to enter”.

    problem I see with just unlocking wallet over PIN is even with the current option to unlock wallet for specified time to allow bids to process/listings to load. to do things like send coins/pay listing fees/convert balances you still need to enter password. the only way to disable password completely so it’s not required for anything is to not set up a password at all at creation of wallet meaning no protection. PIN is best of both worlds.



  • @dadon said in Pin code over password for some functions?:

    the only way to disable password completely so it’s not required for anything is to not set up a password at all at creation of wallet meaning no protection. PIN is best of both worlds.

    Then why not setting up your PIN as password?
    This would mean only weak protection, but I guess it would be the same when you keep your system often in “Unlock for PIN” status. In my eyes the best solution would be to integrate hardware-wallets like ledger or trezor.
    So, being your own bank is not trivial and often also not convenient 🤷♂



  • because having a 8 digit password is weak security. and honestly I don’t like using 3rd party hardware to secure my coins. If a PIN set up in the way I described is possible. meaning you would.

    1. Activate the pin like staking by entering your Password.

    2. set a time frame before it auto-locks

    then you have

    A. the security of a regular complicated Password

    B. usability of a simple easy to hack password.

    “This would mean only weak protection, but I guess it would be the same when you keep your system often in “Unlock for PIN” status”.

    No because you activate PIN by entering your main password same as turning staking on. if anyone get your wallet.dat they still need your main password and if your using a PIN that means you are entering this main password less which is also good for security.



  • Sounds to me that a 2FA option does make it more reliable and does also cover the idea/need of the OSD keyboard.



  • 2FA is terrible IMO I can’t even count how many accounts I have lost access to because I had 2FA on. I wouldn’t use it. but If you had a option to use PIN and/or 2FA I wouldn’t complain. seems like 2FA would be more difficult to implement over a Simple PIN option also.

    And I am guessing 2FA would not replace your password it would just be an extra security layer on top of it meaning i would still have to enter my super long Password + enter the code from the 2FA.

    PIN FTW!


Log in to reply
 

Creative Commons (CC) 2020 - Particl Community | Not affiliated with Particl Foundation | Powered by NodeBB