hivewallet / hive-android

Hive Bitcoin wallet for Android
http://www.hivewallet.com

PIN for sending funds or launching app #8

Open bolapara opened 10 years ago

bolapara commented 10 years ago

It'd be nice to have an option to set a PIN to authorize the release of funds from your Hive wallet or, alternatively, to even open the app.

javgh commented 10 years ago

I think it's definitely a feature we would like to have at some point. The challenge is just to have a good recovery process in case the user forgets the PIN. This will definitely happen frequently and unless we have a good answer for that, I don't want to lead users down a path where they end up locking themselves out.

I think Multibit reported that forgotten passwords are the biggest source of lost coins as far as they can tell. A recent Mycelium review says: "Forget your PIN and there's no recovery unless you rooted your phone." and Mycelium answering: "Indeed, this is the most common cause of complaints. Be careful."

One solution could be to require a backup before the user can set a PIN. That would only leave users that forget both the PIN and the password for their encrypted backup. Still possible I suppose, but maybe beyond the limit of a reasonable fail-safe.

schildbach commented 10 years ago

But a backup (on Android) requires some encryption, and thus a passphrase. Without it, how are you going to transfer your backup off the device?

bolapara commented 10 years ago

I think requiring the user to make a wallet backup before being allowed to set a PIN is very reasonable.

Something also to think about is the way Mycelium does backups. They generate a random passphrase which basically requires the user to write it down rather than using one from their memory. One could argue that may make it less likely that they will "forget" it.

javgh commented 10 years ago

Indeed, Mycelium does some interesting stuff with PDF backups.

> But a backup (on Android) requires some encryption, and thus a passphrase. Without it, how are you going to transfer your backup off the device?

Was this in reply to what I wrote? I'm not arguing for backups without encryption/password - I agree that it's necessary to safely transfer backups around.

schildbach commented 10 years ago

Well, you said you'd like to require a backup before the user can set a PIN. Anyway, obviously you meant it differently.

javgh commented 10 years ago

Aw, I see - yeah, I meant requiring the user to go through the standard backup process first, including picking a password and all that.