Topic: NXT :: descendant of Bitcoin - Updated Information - page 1967. (Read 2761645 times)

I am not taking any position, I am just stating facts.
Crypto currencies will never be for everyone to use, because many people are just lazy to learn to use them properly and safely. Just like guns.

It's not a hole in the system. It is a hole in Average Joe mind. Which can be fixed using banks.
But banks must not be part of system, part of decentralized network.

How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.

We gotta do something here.  There are multiple reports of people having their NXT wallets emptied when they didn't want it to be during the low volume alpha / beta operations shakedown of NXT.  We have to do more that just say, "Well, if you used a strong password, it wasn't hacked by brute force".

There's no such procedure like opening or closing account. Account is just a number. In decentralized network anyone can view any transactions in any accounts, f.e. using blockchain explorer.
But you need corresponding private key to transfer coins from that account.
Current software ask you to enter private key before you do anything with your account, but it is design flaw of software, wihich can be fixed.
And, yes, this long passphrase can be saved to file. If you name this file "wallet.dat" you make life of troyans easier

I think you are taking a position here that is anti-productive.
All that is true.
However: Average Joe will not accept a system that is inherently unsafe.
As it stands, it seems that there may be issues with the safety.
It's not enough to just say: "everything is unsafe".
There are ways to counteract it, and if they are there, why not use them?
The idea is (I hope) to maximise the NXTproject in terms of ROI for us and others.
Having a huge hole (or perceived hole) in the system will not help.

The fact that banks screw people, too, does not mean we cannot do better.

Yes, that was me. Just created a new account, though, and sent the remaining 100k there.

Any news on the block exporer? It states that it would be down for 24 hours but those 24 hours are long over

you're 11794318797680953099?
http://22k.io/-account/12152013998194592943

I can see those talkshows right now

"So if I type "Barbara" as my password, some hacker will steal my money?"

"It would take some time, maybe 5 seconds, but yes, you will loose all your funds."

"..."

That's why there will always be banks. And some people will always trust banks, no matter how many times banks screw them. Because banks take away worries of how to store funds, sometimes take away funds too.


The reality is only death and taxes are guaranteed. Everything else is just chances.

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?

This may all be so, but there is a need for the safety to be better.
Mainstream users will NEVER enter NXT in any way if safety is an issue.
Most people just want peace of mind and the knowledge that their money is safe and guaranteed.
For now, in this phase, it's maybe not an issue, but it should definitely be on the cards if NXT has plans to be anything other than a service that is used by the few.

Passwords are often stolen by observation, looking over someones shoulder etc. if you are in a shop you don't want to be entering a 30 character complex password on a smartphone its completely impractical so I suspect the smart phone clients will need to do something and keep next logged in with the passphrase.

I suspect when in wider adoption to prevent fraud by people accessing these devices NXT should ask for a level of authentication, people will expect this and however wonderful NXT is, the common man/woman/child will expect you to make the account safe and practical for them to use.

The first password opens the account - anyone can guess it / type it etc which is the driver of the discussion.
The second password would personalise the account to the person who selected the key the first time and then set a second key.

with other currencies you have the password/random characters that created the wallet and the option of a second password to encrypt the client - would be cooler with NXT if you could put that second password in the protocol.

SMS 2 factor authentication works for centralised organisations not decentralised systems, same problems as email - 3rd parties are also involved or would have to be, it would cost and someone would have to pay - there are lots of models but maintaining the stance that the only protection NXT provides is via a 50/60/70{- where do we stop} character password will become a barrier to adoption.

Edit:
its simple for us...but for the general public its gonna be too much....pls bank pins are 4 digits....they are not gonna be used to 30+ char.


I know it is a must....but we have to try to see things from the perspective of the everyday person...who we want to adopt this technology.

I vote for automatic transfer of 100,000 NXT from account, who ask for 2FA in decentralized network
And another 100,000 NXT for user/password scheme request.

NXT is like a gun.
Once you squeeze the trigger, you can't stop the bullet.
Safety lock is your pass phrase.
People are asking for additional safety measures so that they or someone else can't squeeze that trigger or that the gun asks them 'are you sure you want to squeeze it?'

This makes sense

Edit: A thief could always transfer smaller amounts under the threshold....

optional service....people trusted banks in Cyprus.

OK, using cellphone is not immediately feasible except as an add-on service later.  But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount.  It would be slow because you would have to wait for the blockchain to generate the authorization code and get it back to you some minutes after you requested it, but I guarantee you that many users would pay extra fees for this to disallow transfers over a certain threshold without a blockchain generated authorization code.  I would pay for it right now.  

As programmers and math geeks, this seems unnecessary.  For public acceptance by high value users, it is mandatory or close to it.  

Only if it's multisig and u trust this service provider.