0xchat-app / 0xchat-core

0xchat-core, built on Nostr
GNU Lesser General Public License v3.0

Require system auth on tapping show nsec #5

Closed alltheseas closed 5 months ago

alltheseas commented 6 months ago

suggestion

Hide nsec behind iOS system auth when user taps on the show nsec button.

Do not show nsec if auth is not provided.

Show nsec only on successful system auth.

water783 commented 6 months ago

Thx, will add it to our plans

water783 commented 5 months ago

This feature is included in the v1.2.3 release

alltheseas commented 5 months ago

I am on 1.2.3 (16) and cannot confirm this feature is on 1.2.3 (16).

water783 commented 5 months ago

Have you turned on the passcode & FaceID?

alltheseas commented 5 months ago

I see what changes you made now.

You added a custom pw for 0xchat. My original suggestion was to use the system auth (i.e. iOS pw). This is fine. Telegram uses this pattern.

Confirming after I enable pw, 0xchat asks me for login to view the nsec.

However I can copy the nsec without auth, which reduces the value of see nsec auth.

I'll add a new ticket for this.

alltheseas commented 5 months ago

Added auth on tap nsec: https://github.com/0xchat-app/0xchat-core/issues/8

A couple further comments:

1) The original feature request suggested iOS pw for auth on 0xchat. The benefit here is that you can enable this by default, and all 0xchat users do not have to add and remember a custom pw for 0xchat. You can see this pattern in Damus. This auth pattern also does not exclude a custom pw functionality.

2) Personally, I don't use faceID. I see faceID as a login, rather than a pw. FaceID is not information that only you have, and does not meet the definition of a pw to me.

Password

a secret word or expression used by authorized persons to prove their right to access, information, etc.

water783 commented 5 months ago

  1. Emm, the idea behind our design is to set a password for 0xchat to enhance the security of Auto-login. If users find it inconvenient, they can enable Face ID for quick access. However, this is contingent on user confirmation. Using the iOS password is also a good choice, but it's possible that the user might not have set up an iOS password.

  2. Being able to copy nsec without auth is a mistake, will fix it. :)
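
Added illustration of the pattern discussed in this thread (not 0xchat's code and not posted by either participant): a Swift sketch in which both "show" and "copy" reach the nsec through one gate that requires iOS device-owner authentication, and which reports the no-passcode case so the app can fall back to its own password. `GatedSecret`, `load`, `showTapped` and `copyTapped` are hypothetical names.

```swift
import LocalAuthentication
import UIKit

/// Hypothetical wrapper: every path that exposes the nsec (reveal or copy)
/// must go through `withSecret`, so no code path can skip authentication.
final class GatedSecret {
    enum AccessError: Error { case noDeviceCredential, denied }
    private let load: () -> String?   // hypothetical loader, e.g. a Keychain read
    init(load: @escaping () -> String?) { self.load = load }

    /// Runs `use` with the secret only after iOS device-owner authentication
    /// (biometrics with fallback to the device passcode).
    func withSecret(reason: String,
                    use: @escaping (Result<String, AccessError>) -> Void) {
        let context = LAContext()
        var error: NSError?
        // Fails when no device passcode is set; the caller can then fall
        // back to an app-level password instead of showing the key.
        guard context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) else {
            use(.failure(.noDeviceCredential))
            return
        }
        context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason) { ok, _ in
            DispatchQueue.main.async {
                guard ok, let secret = self.load() else {
                    use(.failure(.denied))
                    return
                }
                use(.success(secret))
            }
        }
    }
}

// "Show" and "Copy" share the same gate, so neither can bypass auth.
func showTapped(_ gate: GatedSecret, label: UILabel) {
    gate.withSecret(reason: "Show your nsec") { result in
        if case .success(let nsec) = result { label.text = nsec }
    }
}

func copyTapped(_ gate: GatedSecret) {
    gate.withSecret(reason: "Copy your nsec") { result in
        guard case .success(let nsec) = result else { return }
        // Keep the key off Universal Clipboard and expire it after 60 s.
        UIPasteboard.general.setItems(
            [[UIPasteboard.typeAutomatic: nsec]],
            options: [.localOnly: true, .expirationDate: Date().addingTimeInterval(60)])
    }
}
```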