m2049r / xmrwallet

monerujo: An Android Monero Wallet
https://www.monerujo.io/
Apache License 2.0
617 stars 273 forks source link

incorrect password #863

Open jakbin opened 2 years ago

jakbin commented 2 years ago

i installed app . Create a new wallet and take a backup. then i uninstalled app.

After few days i installed app again and i import wallet from backup. then i tried to open it and i enter my password.

then it's says 'incorrect password'

joaovarelas commented 2 years ago

Hello Im also affected by this problem.

Have a .zip backup of monerujo, uninstalled, installed the same version, when importing the wallet it says password is wrong.

The import wallet is buggy. Be careful, i wonder if I lost access to my funda due to this bug...

pricead commented 2 years ago

The import wallet is buggy. Be careful, i wonder if I lost access to my funda due to this bug...

If you wrote down your 25 word seed phrase, you can't lose funds. You just need to restore from the seed.

joaovarelas commented 2 years ago

If you wrote down your 25 word seed phrase, you can't lose funds. You just need to restore from the seed.

Don't have seed. Funds are gone.

The backup feature is not working properly. It seems its related to CrazyPass...

pricead commented 2 years ago

If you wrote down your 25 word seed phrase, you can't lose funds. You just need to restore from the seed.

Don't have seed. Funds are gone.

The backup feature is not working properly. It seems its related to CrazyPass...

Did you write down the "Wallet Files Restore Password" that was generated when you first created the wallet in Monerujo? This isn't the same as the password you picked yourself.

joaovarelas commented 2 years ago

UI/UX should be improved regarding this CrazyPass implementation. At least a warning box with red letters to make the user aware of the difference of both keys and the requirement to store both keys + seed for a future wallet recovery.

In my case, I've lost the wallet (unless there is a way to crack a crazypass).

pricead commented 2 years ago

UI/UX should be improved regarding this CrazyPass implementation. At least a warning box with red letters to make the user aware of the difference of both keys and the requirement to store both keys + seed for a future wallet recovery.

In my case, I've lost the wallet.

I agree there could be room for improvement re CrazyPass, but there was also big box that you had to click saying you wrote down your seed phrase.

Sorry for your loss though.

joaovarelas commented 2 years ago

I agree there could be room for improvement re CrazyPass, but there was also big box that you had to click saying you wrote down your seed phrase.

Sorry for your loss though.

Shame on me for not writing down the seed lol.

Either way the backup/import wallet feature seems rather complex on Monerujo. I hope it wont affect more users due to the recent app update.

jakbin commented 2 years ago

But when I import wallet before uninstalling app. Then I enter password, it works .

ae5960e8-a6fc-491f-b252-898ecf59af95 commented 2 years ago

Importing or exporting is broken, be warned.

poiNt3D commented 10 months ago

Same here. I was moving my wallet to another device. Same password works on the old device, but doesn't work after restoring on a new one. I've tried entering various keys the app told me to write down, but it seems this is not the case: it's the same password prompt where the password works on the old device, it doesn't look like multiline key could be entered there. I was able to import my wallet with the mnemonic passphrase, but i think this is an important issue: presenting a backup option which doesn't work leads to a false sense of security. Devs should either remove the feature or make it work - in my opinion.

cdenovo commented 5 months ago

Same here. I was moving my wallet to another device. Same password works on the old device, but doesn't work after restoring on a new one. I've tried entering various keys the app told me to write down, but it seems this is not the case: it's the same password prompt where the password works on the old device, it doesn't look like multiline key could be entered there. I was able to import my wallet with the mnemonic passphrase, but i think this is an important issue: presenting a backup option which doesn't work leads to a false sense of security. Devs should either remove the feature or make it work - in my opinion.

Completely agree. The approach to security here seems to be "make sure nobody can open the wallet." Nobody expects their entered password to not be portable. I only learned about how Crazypass works after importing a backup didn't work using the password I had saved. You also can't copy-paste from the Secrets screen (ostensibly a feature, not a bug), so the onus is on you to test what you wrote down by (gasp) copy-pasting what you wrote back into the password field. Absolutely abysmal user experience.

On top of all that, just now I was testing opening my wallet with the Crazypass I wrote down (then copy-pasted back in because who in their right mind is going to manually type that out except where they're forced to?). It accepts the password (sorry, passphrase, but in the Password field), starts loading, then quits back to the main screen, and now my regular password and biometrics result in the same behavior.

Given all that, I'm switching to another Android wallet permanently and would strongly advise others to do the same.