Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discourage Private Keys / Keystore #557

Closed
2 tasks
dternyak opened this issue Dec 12, 2017 · 7 comments · Fixed by #1466
Closed
2 tasks

Discourage Private Keys / Keystore #557

dternyak opened this issue Dec 12, 2017 · 7 comments · Fixed by #1466
Assignees
@wbobeirne

Comments

@dternyak
Copy link
Contributor

dternyak commented Dec 12, 2017
edited
Loading

  • Disable by greying out + link to tbd Electron release page in Web based version (Wallet Decrypt)
    • Keystore
    • Mnemonic
    • raw private key
  • Add MetaMask, Parity Signer with style updates as suggested in mockup below to Create Wallet View. Disable on web:
    • Keystore
    • Mnemonic
@tayvano
Copy link
Contributor

tayvano commented Dec 12, 2017

We strongly encourage you to use a [hardware wallet](https://myetherwallet.github.io/knowledge-base/hardware-wallets/hardware-wallet-recommendations.html) or [MetaMask](https://myetherwallet.github.io/knowledge-base/migration/moving-from-private-key-to-metamask.html) to interact with your wallet on MyEtherWallet.com. It is safer & easier. Using your private key, mnemonic, or keystore file can result in lost funds if you visit a fake MyEtherWallet.com. [Learn how easy it is to switch today ->](https://myetherwallet.github.io/knowledge-base/migration/)"

+1 for forcing using to wait 10 seconds when decrypting (while showing a message like the above)—don't show if offline or on localhost / file

If you convert to password field, make sure there is an eye icon. We moved away from the password field because even if the very early days people seemed incapable of debugging when they had some extra characters or 0x at the beginning or something.

Unlocking existing wallets online and on phishing sites is probably 95% of phishing. It's uncommon someone generates on a phishing site as they typically read guides or tutorials. Not to say we shouldn't encourage doing it offline, just that unlocking is by far the biggest problem.

@tayvano tayvano mentioned this issue Dec 12, 2017
Open
@wbobeirne wbobeirne mentioned this issue Dec 15, 2017
Closed
@dternyak dternyak added this to the Sprint 6 milestone Dec 16, 2017
This was referenced Dec 18, 2017
Closed
Merged
@wbobeirne wbobeirne mentioned this issue Dec 28, 2017
Merged
@dternyak dternyak modified the milestones: Sprint 6, Sprint 7 Jan 8, 2018
@wbobeirne
Copy link
Contributor

Convert input type to password (with option to reveal/eye icon) for:

Unfortunately these are both textareas, which do not support type="password". We could make them inputs, or try to come up with a hacky way of replacing characters with dots. Let me know what's preferred, otherwise I'm just going to leave this out.

@wbobeirne wbobeirne mentioned this issue Jan 10, 2018
Closed
@dternyak
Copy link
Contributor Author

@wbobeirne Any reason not to go with an input? Seems fairly straightforward.

@wbobeirne wbobeirne mentioned this issue Jan 10, 2018
Merged
@dternyak dternyak modified the milestones: Sprint 7, Sprint 8 Jan 15, 2018
@wbobeirne wbobeirne mentioned this issue Jan 25, 2018
Merged
@wbobeirne
Copy link
Contributor

@dternyak after #925 is merged, do you think we should close this? Or do we want to implement any of the other notes from the original post?

@dternyak
Copy link
Contributor Author

dternyak commented Jan 27, 2018
edited
Loading

@wbobeirne I would like to further emphasize MetaMask as a wallet creation option, including to the point of including it in the wallet generation row.

We can disable / grey out mnemonic and keystore on web completely.
screen shot 2018-01-27 at 3 36 56 pm

@dternyak
Copy link
Contributor Author

dternyak commented Feb 1, 2018

@wbobeirne I've updated the issue based on our recent discussion.

@dternyak dternyak modified the milestones: Sprint 8, Sprint 9 Feb 1, 2018
@dternyak dternyak modified the milestones: Sprint 9, Sprint 10 Feb 17, 2018
@wbobeirne wbobeirne mentioned this issue Feb 20, 2018
Closed
@dternyak dternyak modified the milestones: Sprint 10, Sprint 11 Mar 1, 2018
@dternyak dternyak changed the title Discourage Private Keys / Keystore [BLOCKED] Discourage Private Keys / Keystore Mar 1, 2018
@dternyak dternyak changed the title [BLOCKED] Discourage Private Keys / Keystore Discourage Private Keys / Keystore Mar 17, 2018
@dternyak
Copy link
Contributor Author

@wbobeirne With Electron dev builds around the corner, and the recent xss vulnerabilities, I'm removing the blocking tag so that we can focus on finally removing raw keys on the web based MyCrypto.

@dternyak dternyak modified the milestones: Sprint 11, Sprint 12 Mar 17, 2018
@dternyak dternyak modified the milestones: Sprint 12, Sprint 13 Apr 2, 2018
@wbobeirne wbobeirne mentioned this issue Apr 6, 2018
Merged
3 tasks
@dternyak dternyak removed this from the Sprint 13 milestone Apr 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wbobeirne wbobeirne

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

No Private Keys Online MyCryptoHQ/MyCrypto
3 participants
@wbobeirne @dternyak @tayvano