Simplify security

[gokr]

A lot of people just want to rely on phone locking.

[rtaibah]

I suggest we have two modes: Hard Lock and phone lock only. Remove the Canoe PIN, fingerprint options for now.

Here are some reasons:

• Security options are a mess right now, with so many overlapping edge cases. Very confusing for users. As an example: it is very annoying to have to unlock my phone with a fingerprint, then have Canoe asking for another authentication via fingerprint. This happens if the phone goes to lock mode after inactivity while Canoe is open. I just gave you my fingerprint, why are you asking me again?

• This suggestions offers good options for the two extremes. Lax security, and bullet proof security. For now, a user will need to decide.

• We need to decide what Canoe represents. Is it the security-focused wallet? Is it the multi-platform wallet? Is it the friendly wallet? These are not mutually exclusive, but if we wanna go for security, we need to improve usability and find solutions for these overlapping edge cases. This also ties in with the proposed 'lite' and 'full' options.

[ceddup]

I've been thinking about that a lot this summer. So I came this idea: Canoe should be lax/friendly by default up to a certain amount (say 30 nano) then it would require the level of security needed (It's quite close to Rami's 'petty nanos', I admit ;-)) This way we get a good UX for most users and avoid to deal with big funds loss in case of a hack. Dunno how hard it would be to code though...

[rtaibah]

Not a big a fan of that idea because we will need to be clear on why the sudden change from 'lax' to 'bullet proof' when going over 30. User's get accustomed to a certain way, then we suddenly change on them without giving them an option to turn it off.

[ceddup]

30 nano is probably not a good amount 200 maybe, or even more ? I doubt anyone putting over 200 nano on Canoe would complain about any drastic security measure added. Even then, such users are quite rare.

You have to take into account that a big loss could lead someone to go on trial against the Canoe team, whatever the settings he would have entered. This idea shields against that while letting most people have a good user experience.

On Thu, Aug 30, 2018 at 2:44 PM Rami Taibah notifications@github.com wrote:

Not a big a fan of that idea because we will need to be clear on why the sudden change from 'lax' to 'bullet proof' when going over 30. User's get accustomed to a certain way, then we suddenly change on them without giving them an option to turn it off.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/getcanoe/canoe/issues/302#issuecomment-417305992, or mute the thread https://github.com/notifications/unsubscribe-auth/AKAo9gZf9GNNIf7e3I_EdNC-SgcVJmlmks5uV940gaJpZM4WS7J3 .

[gokr]

So basically the choice is "Encrypt wallet: yes/no". No encryption means no password needed ever, not on startup and no timeouts or anything. Encryption means password on startup - and then to unlock after the lock timeout. No soft lock, just one timeout, but configurable. Set it very high and that will in practice only force password on startup.

[ceddup]

Way to go cowboy! 😁

Le mar. 4 sept. 2018 à 21:57, Göran Krampe notifications@github.com a écrit :

So basically the choice is "Encrypt wallet: yes/no". No encryption means no password needed ever, not on startup and no timeouts or anything. Encryption means password on startup - and then to unlock after the lock timeout. No soft lock, just one timeout, but configurable. Set it very high and that will in practice only force password on startup.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/getcanoe/canoe/issues/302#issuecomment-418497953, or mute the thread https://github.com/notifications/unsubscribe-auth/AKAo9osN9Z9hID6GRGptFOv2ubD6r8JOks5uXttDgaJpZM4WS7J3 .