Comments (6)
rtaibah
commented on September 21, 2024
I suggest we have two modes: Hard Lock and phone lock only. Remove the Canoe PIN, fingerprint options for now.
Here are some reasons:
-
Security options are a mess right now, with so many overlapping edge cases. Very confusing for users. As an example: it is very annoying to have to unlock my phone with a fingerprint, then have Canoe asking for another authentication via fingerprint. This happens if the phone goes to lock mode after inactivity while Canoe is open. I just gave you my fingerprint, why are you asking me again?
-
This suggestions offers good options for the two extremes. Lax security, and bullet proof security. For now, a user will need to decide.
-
We need to decide what Canoe represents. Is it the security-focused wallet? Is it the multi-platform wallet? Is it the friendly wallet? These are not mutually exclusive, but if we wanna go for security, we need to improve usability and find solutions for these overlapping edge cases. This also ties in with the proposed 'lite' and 'full' options.
from canoe.
ceddup
commented on September 21, 2024
I've been thinking about that a lot this summer.
So I came this idea:
Canoe should be lax/friendly by default up to a certain amount (say 30 nano) then it would require the level of security needed (It's quite close to Rami's 'petty nanos', I admit ;-))
This way we get a good UX for most users and avoid to deal with big funds loss in case of a hack.
Dunno how hard it would be to code though...
from canoe.
rtaibah
commented on September 21, 2024
Not a big a fan of that idea because we will need to be clear on why the sudden change from 'lax' to 'bullet proof' when going over 30. User's get accustomed to a certain way, then we suddenly change on them without giving them an option to turn it off.
from canoe.
ceddup
commented on September 21, 2024
30 nano is probably not a good amount 200 maybe, or even more ?
I doubt anyone putting over 200 nano on Canoe would complain about any
drastic security measure added.
Even then, such users are quite rare.
You have to take into account that a big loss could lead someone to go on
trial against the Canoe team, whatever the settings he would have entered.
This idea shields against that while letting most people have a good user
experience.
…On Thu, Aug 30, 2018 at 2:44 PM Rami Taibah ***@***.***> wrote:
Not a big a fan of that idea because we will need to be clear on why the
sudden change from 'lax' to 'bullet proof' when going over 30. User's get
accustomed to a certain way, then we suddenly change on them without giving
them an option to turn it off.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#302 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AKAo9gZf9GNNIf7e3I_EdNC-SgcVJmlmks5uV940gaJpZM4WS7J3>
.
from canoe.
gokr
commented on September 21, 2024
So basically the choice is "Encrypt wallet: yes/no".
No encryption means no password needed ever, not on startup and no timeouts or anything.
Encryption means password on startup - and then to unlock after the lock timeout. No soft lock, just one timeout, but configurable. Set it very high and that will in practice only force password on startup.
from canoe.
ceddup
commented on September 21, 2024
Way to go cowboy! 😁
Le mar. 4 sept. 2018 à 21:57, Göran Krampe <[email protected]> a
écrit :
… So basically the choice is "Encrypt wallet: yes/no".
No encryption means no password needed ever, not on startup and no
timeouts or anything.
Encryption means password on startup - and then to unlock after the lock
timeout. No soft lock, just one timeout, but configurable. Set it very high
and that will in practice only force password on startup.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#302 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AKAo9osN9Z9hID6GRGptFOv2ubD6r8JOks5uXttDgaJpZM4WS7J3>
.
from canoe.
Related Issues (20)
- Add Windows 32 bit build HOT 1
- Add Nanoblackbox support HOT 2
- Add NanoRay PoS support
- Issue with long time pocketing
- Longstanding issue with reconnecting MQTT every minute
- Don't switch backend if it's not working HOT 1
- Display error message when trying to change representative of an unopened account
- Implement support for nano_ prefix
- iOS app on 9.3.5 shows blank screen HOT 3
- Cannot change representative HOT 1
- Canoe Android release on F-droid HOT 1
- Remove copy/paste for seed HOT 1
- Problem with Canoe? HOT 3
- Mobile Wallet is stuck HOT 2
- Cleanup issues
- canoe-win64-1.0.1.zip hangs endessly on "Creating wallet..." on first install
- nao consigo resgatar meu saldo da canoe
- nao encontro meu saldo HOT 2
- Please help! HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from canoe.