iotaledger / legacy-wallet-use-trinity-wallet-instead

IOTA Wallet
GNU General Public License v3.0

Request: additional password to improve security / secure funds #551

Open om3nada opened 6 years ago

om3nada commented 6 years ago

To secure your funds, I would very much appreciate an additional (optional) password (or two-factor auth?) that must be entered to execute a transaction within the IOTA wallet.

Use case: a.) Your seed is stored somewhere on your computer (plain or encrypted). Assumption: anybody gets access to your seed (nobody can remember his/her seed by heart...), e.g. a hacker (person with access to your PC, trojan horse, keylogger, etc.) could try to steal your seed.

b.) If your seed is offline - written on plain paper - a thief could get access to it...

If an additional password (that could be kept in mind) could be set to confirm transactions, this could prevent an unauthorised transaction in case the seed has been stolen. At least it would increase the available time to move the balance to a new address while the thief is busy cracking your second password...

om3nada commented 6 years ago

2FA would be more complicated to implement. A simple password would be easy to implement.

It's not about saving your seed into a wallet! Please read again: it's about a password that releases a transaction AFTER you have successfully logged in to your wallet (using your seed).

Keylogger: yes, exactly this is one of my concerns! Not regarding capturing the password - but capturing your seed!

Again - current situation: log in to your wallet using your seed. No additional verification needed. You have full access to your wallet. Everybody that knows the seed has full access to your funds.

My idea: log in to your wallet using your seed. If you want to send funds out of your wallet, you have to enter an additional password that you can keep in mind due to lower complexity.

Agreed that the seed is more complex than your password. Agreed that a keylogger would grab both: seed and password. Proposal: software keypad (like a calculator...) where numbers/characters can be entered by mouse click.

BUT: password would add additional security if: