Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: Just entering the password once is not safe (Read 1264 times)

pekv2
hero member
Activity: 770
Merit: 502
Just entering the password once is not safe
October 05, 2011, 12:19:03 PM
#7
Quote from: TiagoTiago on October 04, 2011, 01:15:53 PM
I see.

That is not how sites and stuff do it, usually when you are using a new password they show two fields on the same screen; i wasn't expecting it to ask for confirmation after submitting it the first time.

I was leery of it at first, I backed my wallet in another folder so I wasn't screwed. Like above as you know, it asks twice.
Pieter Wuille
legendary
Activity: 1072
Merit: 1174
Re: Just entering the password once is not safe
October 05, 2011, 07:14:30 AM
#6
Yes, the interface isn't very good right now. However, the next Bitcoin release (0.5) will most likely use the new Qt user interface, which fixes a lot of problems (including the one mentioned here).
dunand
hero member
Activity: 637
Merit: 502
Re: Just entering the password once is not safe
October 05, 2011, 07:09:17 AM
#5
bump.

I backed off too the first time. I decided to continue because the wallet was almost empty. Only a reckless user will encrypt a wallet with no confirmation for password.
jancsika
member
Activity: 80
Merit: 10
Re: Just entering the password once is not safe
October 04, 2011, 07:20:56 PM
#4
Quote from: TiagoTiago on October 04, 2011, 01:15:53 PM
I see.

That is not how sites and stuff do it, usually when you are using a new password they show two fields on the same screen; i wasn't expecting it to ask for confirmation after submitting it the first time.

The current behavior is bad interface design, because it puts everyone who cannot predict the future in a temporary state of confusion.  Not only does it punish responsible users like the OP-- who evidently (and rightly) escaped out and went no further-- but it also rewards risky behavior of the user who is satisfied with an apparent single entry of the password.

If you're concerned about lazy users cutting and pasting, put a warning label advising them not to cut and paste.  Regardless: two entry fields in the _same_ dialog, please-- like every other password selection interface I've ever seen in my entire life.  There's absolutely no need to avoid standards here.
TiagoTiago
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Re: Just entering the password once is not safe
October 04, 2011, 01:15:53 PM
#3
I see.

That is not how sites and stuff do it, usually when you are using a new password they show two fields on the same screen; i wasn't expecting it to ask for confirmation after submitting it the first time.
iddo
sr. member
Activity: 360
Merit: 251
Re: Just entering the password once is not safe
October 04, 2011, 07:19:57 AM
#2
After you enter the password once, the bitcoin 0.4 client asks you to enter your password again in a new dialog box.

However, as a general note to people who fear losing their money, you should keep backups of your unencrypted wallet.dat before you encrypt it with bitcoin 0.4, and if you save a backup on the cloud (e.g. dropbox) then first encrypt it yourself using e.g. 7zip or gpg, that way you won't lose your money if something goes wrong. Just be sure not to send unencrypted wallet.dat to any 3rd-party host, and even if you store a backup of wallet.dat on your personal usb flashdrive or your laptop etc., it's much better that you store it only in encrypted form.
TiagoTiago
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Re: Just entering the password once is not safe
October 04, 2011, 06:51:01 AM
#1
I went to encrypt my wallet, but the client only had one password field to create the password, i don't trust my typing skills enough, i don't wanna loose my money because of a typo; please change the client so that when it first asks for a password it asks the user to enter it twice and checks if the two entries match.
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: