|
Title: Just entering the password once is not safe Post by: TiagoTiago on October 04, 2011, 10:51:01 AM I went to encrypt my wallet, but the client only had one password field to create the password, i don't trust my typing skills enough, i don't wanna loose my money because of a typo; please change the client so that when it first asks for a password it asks the user to enter it twice and checks if the two entries match.
Title: Re: Just entering the password once is not safe Post by: iddo on October 04, 2011, 11:19:57 AM After you enter the password once, the bitcoin 0.4 client asks you to enter your password again in a new dialog box.
However, as a general note to people who fear losing their money, you should keep backups of your unencrypted wallet.dat before you encrypt it with bitcoin 0.4, and if you save a backup on the cloud (e.g. dropbox) then first encrypt it yourself using e.g. 7zip or gpg, that way you won't lose your money if something goes wrong. Just be sure not to send unencrypted wallet.dat to any 3rd-party host, and even if you store a backup of wallet.dat on your personal usb flashdrive or your laptop etc., it's much better that you store it only in encrypted form. Title: Re: Just entering the password once is not safe Post by: TiagoTiago on October 04, 2011, 05:15:53 PM I see.
That is not how sites and stuff do it, usually when you are using a new password they show two fields on the same screen; i wasn't expecting it to ask for confirmation after submitting it the first time. Title: Re: Just entering the password once is not safe Post by: jancsika on October 04, 2011, 11:20:56 PM I see. That is not how sites and stuff do it, usually when you are using a new password they show two fields on the same screen; i wasn't expecting it to ask for confirmation after submitting it the first time. The current behavior is bad interface design, because it puts everyone who cannot predict the future in a temporary state of confusion. Not only does it punish responsible users like the OP-- who evidently (and rightly) escaped out and went no further-- but it also rewards risky behavior of the user who is satisfied with an apparent single entry of the password. If you're concerned about lazy users cutting and pasting, put a warning label advising them not to cut and paste. Regardless: two entry fields in the _same_ dialog, please-- like every other password selection interface I've ever seen in my entire life. There's absolutely no need to avoid standards here. Title: Re: Just entering the password once is not safe Post by: dunand on October 05, 2011, 11:09:17 AM bump.
I backed off too the first time. I decided to continue because the wallet was almost empty. Only a reckless user will encrypt a wallet with no confirmation for password. Title: Re: Just entering the password once is not safe Post by: Pieter Wuille on October 05, 2011, 11:14:30 AM Yes, the interface isn't very good right now. However, the next Bitcoin release (0.5) will most likely use the new Qt user interface, which fixes a lot of problems (including the one mentioned here).
Title: Re: Just entering the password once is not safe Post by: pekv2 on October 05, 2011, 04:19:03 PM I see. That is not how sites and stuff do it, usually when you are using a new password they show two fields on the same screen; i wasn't expecting it to ask for confirmation after submitting it the first time. I was leery of it at first, I backed my wallet in another folder so I wasn't screwed. Like above as you know, it asks twice. |