Currently, each hot account has to be locked with a separate password. This seems to me like unnecessary security theater, though I am open to hearing the explanation for this decision and being convinced otherwise.
I think it would be sufficient to move the password one level up in the "app component hierarchy" and have users set a single password for accessing all hot accounts.
The UX could be like this:
1. The first time the user creates/imports a hot account, they are prompted to set a password.
2. The next time the user opens the app in a new session and tries to access a hot account, they will be prompted to enter the password.
3. If the user enters their password to access Hot Account 1, then in the same session, switches to Hot Account 2, then they will not need to re-enter a/the password to access Hot Account 2.
Another way to do this would be to do it like MetaMask, where there is a global password that the user must enter every time they start a new Frame session, regardless of what kind of account they are trying to access. This would actually be my preferred solution. The purpose of the password here is not just security, but also privacy: by requiring that a password be entered on startup before proceeding further in the app, we prevent someone who is using the user's computer from even seeing what addresses/balances/etc the user has in their wallet unless the user has also given that person their password.
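One way the single-password model proposed above could be built, as an added example that is not part of the original post and not Frame's code: one scrypt-derived key held for the session seals every hot account record, so addresses and keys alike stay unreadable until unlock. The class and method names, the scrypt parameters and the AES-256-GCM record layout are all assumptions.

```javascript
// Added illustration: all names are hypothetical, none of this is Frame's code.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// AES-256-GCM; blob layout is iv (12 bytes) | auth tag (16 bytes) | ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}
function unseal(key, blob) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]); // throws on wrong key
}

class HotAccountVault {
  constructor(password) {            // first create/import: the password is set once
    this.salt = randomBytes(16);
    this.sessionKey = this.derive(password);
    this.records = [];               // sealed {address, key} records, as stored on disk
    this.check = seal(this.sessionKey, Buffer.from('vault-check'));
  }
  derive(password) { return scryptSync(password, this.salt, 32, { N: 2 ** 14, r: 8, p: 1 }); }
  unlock(password) {                 // once per session, covers every hot account
    const key = this.derive(password);
    try { unseal(key, this.check); } catch { return false; }
    this.sessionKey = key;
    return true;
  }
  lock() {                           // end of session: drop the in-memory key
    if (this.sessionKey) this.sessionKey.fill(0);
    this.sessionKey = null;
  }
  open() {                           // decrypt all records, or refuse while locked
    if (!this.sessionKey) throw new Error('vault is locked');
    return this.records.map((r) => JSON.parse(unseal(this.sessionKey, r).toString()));
  }
  addAccount(address, privateKey) {
    if (!this.sessionKey) throw new Error('vault is locked');
    const record = JSON.stringify({ address, key: privateKey.toString('hex') });
    this.records.push(seal(this.sessionKey, Buffer.from(record)));
  }
  addresses() { return this.open().map((a) => a.address); } // hidden while locked
  keyFor(address) {
    const hit = this.open().find((a) => a.address === address);
    return hit ? Buffer.from(hit.key, 'hex') : null;
  }
}
```

Because the address is sealed inside each record instead of being stored beside it, a locked vault reveals only how many records exist, which matches the privacy argument in the post.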