search

bitpay / wallet

Bitpay Wallet (formerly Copay) is a secure Bitcoin and other crypto currencies wallet platform for both desktop and mobile devices.
http://bitpay.com/wallet
MIT License
3.78k stars 1.74k forks source link

Copay Mac Poor security! #6649

Closed PierreENOlivier closed 6 years ago

PierreENOlivier commented 6 years ago

Hi guys,

I am using Copay wallet both on my MAC and my android. On my android, each I open the app, it requests for my fingerprint or my recovery phrase (and maybe a password but never tried). Nonetheless, on my mac, when you open the app, my account is still connected. You can even access the recovery phrase just by going in the setting!!!

How to disconnect? Ask for the password I set for my wallet? How to protect the recovery phrase??? How to protect anyone from doing a transaction???

Thanks in advance, Pierre

JDonadio commented 6 years ago

Read only wallet: You can use a wallet without his private key so you'll not be able to sign any transaction or access to your recovery phrase or any sensitive information. To do this, you must export your wallet checking the next option:

cursor_y_copay_-_copay_bitcoin_wallet_y_copay_mac_poor_security__ _issue__6649_ _bitpay_copay

Spending password You can set a password which will be required for any "admin" action detailed below:

cursor_y_copay_-_copay_bitcoin_wallet_y_copay_mac_poor_security__ _issue__6649_ _bitpay_copay

Multi-sig walelt If you create a multi-sig wallet let say 2-2, if you want send a transaction from your wallet A, a proposal will be created in both wallets but just signed by A. To be broadcasted your wallet B need to sign it as well.

Note: the exactly behavior occurs in a read only wallet if you try to send a transaction from that wallet, but the proposal is not signed (because you have not the private key there).

Hope that helps.