Ugh... Are you kidding me? Are there bots prowling the network with a boatload of password-account combinations stored, watching for transactions to known addresses or something?
I got some NXT a long time ago and kept it tucked away, but with the updated client it seems I didn't have a public key, so I sent a message.. easy enough... my balance was there, but I couldn't forge because it was unconfirmed... so I figure this has something to do with old balances being 'unconfirmed' under the updated protocol until it's seen activity.. So I flip my NXT into another account that I used in the past (tx 3603756272827733121), wait for it to confirm, and as soon as it does the NXT has moved on to an account out of my control (tx 10738856805317237622)...!!!
WTF? I sat here waiting for a confirm to flip it right back, and it vanishes before my very eyes! We're talking within 2 seconds of the first confirmation!
If the network is this compromised, how do you ever expect mainstream adoption... I've had an eye on NXT since the beginning and was really into the new look and feel, the asset exchange, etc.. My interest was building in NXT again (initially less than impressed by the distribution, but it seemed a lot of great work had gone into the protocol..) Too bad.. Nxt looked cool, but as it stands I'm out.. Not sure that this can be called a 2nd generation crypto when it's this vulnerable to theft. I'd say the target audience is even more specialized than bitcoin; the average joe can hardly remember "Password1"!
You should use 2 passwords. One that you save locally or on the cloud that has backups and redundancies and that you don't actually memorize, and one that you do memorize and never save on any computer that touches the internet. Then simply concatenate the two passwords when entering your wallet. The first will protect you against rainbow tables (that's what got you) and the second will protect you against hackers. It's a pretty simple concept but it really should be spelled out; it's certainly not people's fault for not knowing this. Heck, the client should even come with two password fields and concatenate them for people imo.
This makes absolutely no sense whatsoever. Two passwords and one long password is the same thing.
"Then simply concatenate the two passwords when entering your wallet."
If your machine is compromised, both passwords could be stolen when you are entering them in the wallet. This doesn't add any security over just having one longer password.
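The exchange above turns on one fact: an NXT account is a "brain wallet", its secret comes from nothing but the passphrase (the client takes SHA-256 of the passphrase as the private key), with no per-account salt, so the same passphrase always yields the same account and common passphrases can be precomputed offline. The script below is an added illustration, not code from the NXT client or from any poster in this thread. It models that derivation (the elliptic-curve step is left out and `account_tag` is a constructed stand-in for the real account id), shows that two concatenated fields produce exactly the same secret as one long string, and sketches the passphrase-strength gate a client could apply at account creation. `entropy_bits`, `account_tag`, `is_acceptable` and the weak-passphrase list are all assumptions for this example.

```python
import hashlib
import math
import string

# Illustrative model of a passphrase-only (brain wallet) account.
# NXT-like: the private key is SHA-256(passphrase); no salt, no per-user randomness.
# The curve/public-key step is omitted; account_tag is a constructed stand-in.

def secret_seed(passphrase: str) -> bytes:
    """Deterministic secret: SHA-256 of the passphrase, as an NXT-style client does."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

def account_tag(passphrase: str) -> str:
    """Stand-in account identifier derived only from the secret (constructed model)."""
    return hashlib.sha256(secret_seed(passphrase)).hexdigest()[:16]

def entropy_bits(passphrase: str) -> float:
    """Rough upper bound on brute-force work: length * log2(character pool).
    Treats the passphrase as random over its classes, so it is optimistic for
    dictionary words and must be paired with a weak-passphrase blocklist."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(c in string.punctuation for c in passphrase):
        pool += len(string.punctuation)
    if any(c.isspace() for c in passphrase):
        pool += 1
    if pool == 0:
        return 0.0
    return len(passphrase) * math.log2(pool)

# Constructed, tiny blocklist; a real client would ship a large one.
WEAK_PASSPHRASES = {"password", "password1", "123456", "letmein", "nxt"}

def is_acceptable(passphrase: str, min_bits: float = 128.0) -> bool:
    """Gate a client could apply at account creation (assumption, not NXT's code):
    reject known-weak passphrases and anything below min_bits of estimated entropy.
    This cannot help once the machine entering the passphrase is compromised."""
    if passphrase.strip().lower() in WEAK_PASSPHRASES:
        return False
    return entropy_bits(passphrase) >= min_bits

def two_fields_equal_one_string(field1: str, field2: str) -> bool:
    """The 'two password fields' proposal: the client concatenates the fields, so the
    derived secret is identical to typing the joined string into a single field."""
    joined = field1 + field2
    return secret_seed(field1 + field2) == secret_seed(joined) and \
        entropy_bits(field1 + field2) == entropy_bits(joined)

if __name__ == "__main__":
    for p in ["Password1", "Tq9vM2xK7pL4sW8nR3bZ6yH1cJ5gD0"]:
        print(f"{p!r}: account {account_tag(p)}, "
              f"~{entropy_bits(p):.1f} bits, acceptable={is_acceptable(p)}")
    print("two fields == one string:", two_fields_equal_one_string("Password", "1"))
```

Because the derivation is deterministic and unsalted, the defence is entirely in the passphrase's entropy: the first poster's "Password1" sits around 54 bits by this optimistic estimate and is on every blocklist, while a 30-character mixed passphrase clears 128 bits. Splitting it across two fields changes nothing about that budget, which is the later posters' point.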