Open oPFGKk9gtuw8nuHkzrQn opened 1 week ago
well, if someone has access to your device they could also send all the money out.
> well, if someone has access to your device they could also send all the money out.
Yes, that is true. However, if they choose not to send money out, but instead take the seed, wait until the bond is free, and then steal all the BTC, this is the worst case possible.
If a person cannot extract the seed, then they can only either steal from the wallet now or never. Therefore I ask to lock the seed in the UI.
Even though @MarnixCroes' argument is valid, I think this is a reasonable request. Thanks @oPFGKk9gtuw8nuHkzrQn :pray:
Is your feature request related to a problem? Please describe.
When logged into JAM, any user of that computer can easily access the seed phrase by simply selecting "Show seed phrase" as shown in the attached screenshot. This presents a significant security risk, as there is no additional authentication step required to view this sensitive information. This lack of a security barrier could lead to unauthorized access to the wallet if someone else gains temporary access to the browser window.
Describe the solution you'd like
Implement an additional layer of security for displaying the seed phrase. Specifically, when a user attempts to view the seed phrase, they should be prompted to enter their wallet password again. This step would ensure that only the legitimate wallet owner can view the seed phrase, adding an essential security checkpoint.
Describe alternatives you've considered
Timed Access: Allow the seed phrase to be visible for only a short period (e.g., 30 seconds) after successful authentication, after which the user would need to re-authenticate to view it again. Or lock the browser window after a certain amount of time.
Additional context
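One way to combine the requested password re-prompt with the 30-second timed-access alternative, as an added example that is not part of the issue or of JAM's code. `SeedRevealGate`, `verifyPassword` and `fetchSeed` are hypothetical names, and the two callbacks are synchronous stand-ins for calls to the wallet backend.

```javascript
// Added example, not JAM's code. All names are hypothetical.
const REVEAL_WINDOW_MS = 30_000; // the "e.g., 30 seconds" from the request

class SeedRevealGate {
  // verifyPassword(password) -> boolean and fetchSeed() -> string are
  // synchronous stand-ins for calls to the wallet backend. The check itself
  // belongs on the backend: the seed should not reach the browser until the
  // password has been verified there.
  constructor({ verifyPassword, fetchSeed, now = Date.now, windowMs = REVEAL_WINDOW_MS }) {
    Object.assign(this, { verifyPassword, fetchSeed, now, windowMs });
    this.seed = null;
    this.expiresAt = 0;
  }

  // Called when the user submits the password prompt.
  reveal(password) {
    this.hide(); // a new attempt always re-locks first
    if (!this.verifyPassword(password)) return false;
    this.seed = this.fetchSeed(); // fetched only after a successful check
    this.expiresAt = this.now() + this.windowMs;
    return true;
  }

  // Called on every render: the seed is returned only inside the window.
  visibleSeed() {
    if (this.seed !== null && this.now() >= this.expiresAt) this.hide();
    return this.seed;
  }

  hide() {
    this.seed = null; // drop the reference so later renders have nothing to show
    this.expiresAt = 0;
  }
}

// Constructed demo with a fake clock; password and seed are placeholders.
function demo() {
  let clock = 0;
  const gate = new SeedRevealGate({
    verifyPassword: (p) => p === "constructed-password",
    fetchSeed: () => "constructed placeholder seed",
    now: () => clock,
  });
  const wrong = gate.reveal("guess");
  const ok = gate.reveal("constructed-password");
  const shown = gate.visibleSeed();
  clock = REVEAL_WINDOW_MS; // window has elapsed
  return { wrong, ok, shown, afterExpiry: gate.visibleSeed() };
}
```

In a real UI a timer would also call `hide()` when the window closes, so the seed disappears without waiting for the next render.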