Topic: Should password really be compulsory? (Read 1140 times)

hero member
Activity: 668
Merit: 501
February 13, 2014, 07:53:19 PM
#9
When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?

Yes, forgotten passwords are a risk.

However, if you back up without or with a weak password, it's extremely easy to leak your private keys. Backups need to be stored on public storage (the SD card aka "external memory"), otherwise you would not be able to move them to a safe place (off the device). Thus, any app can read your backup.

In future, you will be able to encrypt your wallet. This means you'll need to enter your password each time you want to sign a transaction. This will hopefully help to remember your password.

You can share custom URIs that your app provides to specific apps that can consume those files (think Google Drive, email, etc.). This is not perfect, but it is better than requiring SD card storage (which Google wants to remove anyways for usability reasons).
newbie
Activity: 19
Merit: 0
February 11, 2014, 04:23:22 PM
#8
And the second question then becomes, who is the right person, the user or the developer, to answer the first question.

Users are almost always the wrong people to ask when it comes to technical questions.

Yes, but the risk that a forgotten password poses is not really a technical question, is it? I would say it's more like a behaviouristic question.

Anyway, I'm just one of those users that dislikes it when an application thinks it knows better than me what's good for me.
legendary
Activity: 2212
Merit: 1199
February 10, 2014, 05:32:59 PM
#7
So the question then becomes, which one is a bigger risk, forgotten passwords or malware.

And the second question then becomes, who is the right person, the user or the developer, to answer the first question.

From malware you can secure yourself.

From a forgotten password you can secure yourself too.

But you can't secure your private keys if you do not set a password and someone copies them from your computer. Example: a good friend with a pendrive :)

legendary
Activity: 1708
Merit: 1010
February 10, 2014, 05:23:16 PM
#6
When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?

Considering that Android Wallet operates in an "always on" networked environment, on an Android device which is usually a smartphone, there is no other way to secure the wallet from malware. An offline Android wallet is possible, but pointless, and would still be exposed anytime the user desired to spend his bitcoins anyway. So yes, the developers should force a password. If you're stupid enough to make it too easy; well, you can't really fix stupid, but you can fix lazy.
hero member
Activity: 483
Merit: 551
February 10, 2014, 05:19:25 PM
#5
And the second question then becomes, who is the right person, the user or the developer, to answer the first question.

Users are almost always the wrong people to ask when it comes to technical questions.
newbie
Activity: 19
Merit: 0
February 10, 2014, 03:57:54 PM
#4
So the question then becomes, which one is a bigger risk, forgotten passwords or malware.

And the second question then becomes, who is the right person, the user or the developer, to answer the first question.
hero member
Activity: 483
Merit: 551
February 09, 2014, 01:03:03 PM
#3
When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?

Yes, forgotten passwords are a risk.

However, if you back up without or with a weak password, it's extremely easy to leak your private keys. Backups need to be stored on public storage (the SD card aka "external memory"), otherwise you would not be able to move them to a safe place (off the device). Thus, any app can read your backup.

In future, you will be able to encrypt your wallet. This means you'll need to enter your password each time you want to sign a transaction. This will hopefully help to remember your password.
legendary
Activity: 2212
Merit: 1199
February 09, 2014, 07:43:58 AM
#2
When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?

Why? It is easy.
If you won't put a password, your backup keys are so easy to be taken by someone and you might lose your bits.
So.
A password is the most important thing when you do a backup.
newbie
Activity: 19
Merit: 0
February 09, 2014, 07:37:41 AM
#1
When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?