yabu (OP)
February 09, 2014, 12:37:41 PM
When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?

roslinpl
February 09, 2014, 12:43:58 PM
Quote from yabu: When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?
Why? It is easy. If you won't put a password, your backup keys are so easy to be taken by someone and you might lose your bits. So, a password is the most important thing when you do a backup.

Andreas Schildbach
Moderator
February 09, 2014, 06:03:03 PM
Quote from yabu: When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?
Yes, forgotten passwords are a risk. However, if you back up without or with a weak password, it's extremely easy to leak your private keys. Backups need to be stored on public storage (the SD card aka "external memory"), otherwise you would not be able to move them to a safe place (off the device). Thus, any app can read your backup. In the future, you will be able to encrypt your wallet. This means you'll need to enter your password each time you want to sign a transaction. This will hopefully help to remember your password.

yabu (OP)
February 10, 2014, 08:57:54 PM
So the question then becomes, which one is a bigger risk, forgotten passwords or malware.
And the second question then becomes, who is the right person, the user or the developer, to answer the first question.

Andreas Schildbach
Moderator
February 10, 2014, 10:19:25 PM
Quote from yabu: And the second question then becomes, who is the right person, the user or the developer, to answer the first question.
Users are almost always the wrong people to ask when it comes to technical questions.

MoonShadow
February 10, 2014, 10:23:16 PM
Quote from yabu: When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?
Considering that Android Wallet operates in an "always on" networked environment, on an Android device which is usually a smartphone, there is no other way to secure the wallet from malware. An offline Android wallet is possible, but pointless, and would still be exposed anytime the user desired to spend his bitcoins anyway. So yes, the developers should force a password. If you're stupid enough to make it too easy; well, you can't really fix stupid, but you can fix lazy.

roslinpl
February 10, 2014, 10:32:59 PM
Quote from yabu: So the question then becomes, which one is a bigger risk, forgotten passwords or malware. And the second question then becomes, who is the right person, the user or the developer, to answer the first question.
From malware you can secure yourself. From a forgotten password you can secure yourself too. But you can't secure your private keys when you will not set a password and someone will copy it from your computer. Example: a good friend with a pendrive.

yabu (OP)
February 11, 2014, 09:23:22 PM
Quote from yabu: And the second question then becomes, who is the right person, the user or the developer, to answer the first question.
Quote from Andreas Schildbach: Users are almost always the wrong people to ask when it comes to technical questions.
Yes, but the risk that forgotten password poses is not really a technical question, is it? I would say it's more like a behaviouristic question. Anyway, I'm just one of those users that dislikes it when an application thinks it knows better than me what's good for me.

apetersson
February 14, 2014, 12:53:19 AM
Quote from yabu: When the user of the Android Wallet wants to do a backup, he has to give a password, otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?
Quote from Andreas Schildbach: Yes, forgotten passwords are a risk. However, if you back up without or with a weak password, it's extremely easy to leak your private keys. Backups need to be stored on public storage (the SD card aka "external memory"), otherwise you would not be able to move them to a safe place (off the device). Thus, any app can read your backup. In the future, you will be able to encrypt your wallet. This means you'll need to enter your password each time you want to sign a transaction. This will hopefully help to remember your password.
You can share custom URIs that your app provides to specific apps that can consume those files (think Google Drive, email, etc.). This is not perfect, but it is better than requiring SD card storage (which Google wants to remove anyways for usability reasons).
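
The approach apetersson describes, sketched as an added example that is not part of the thread and not Bitcoin Wallet's own code: the backup is written to app-private storage and handed to one receiving app through a `content://` URI with a temporary read grant, instead of being left world-readable on the SD card. The class name `BackupSharer`, the authority `com.example.wallet.backups` and the `backups/` directory are assumptions made for illustration.

```java
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import androidx.core.content.FileProvider;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;

/**
 * Hypothetical helper. Assumes the manifest declares androidx.core.content.FileProvider
 * with android:authorities="com.example.wallet.backups", android:exported="false" and
 * android:grantUriPermissions="true", and that its paths XML contains
 * <files-path name="backups" path="backups/"/>.
 */
public final class BackupSharer {
    private static final String AUTHORITY = "com.example.wallet.backups"; // assumed name

    /** encryptedBackup is the backup after password encryption, as the app produces it. */
    public static Intent shareBackup(Context context, byte[] encryptedBackup, String fileName)
            throws IOException {
        // Internal storage under getFilesDir() is private to this app's UID,
        // unlike the SD card, which any app holding the storage permission can read.
        File dir = new File(context.getFilesDir(), "backups");
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IOException("cannot create " + dir);
        }
        File backup = new File(dir, fileName);
        try (FileOutputStream out = new FileOutputStream(backup)) {
            out.write(encryptedBackup);
        }

        // content:// URI served by the non-exported provider; no file path is exposed.
        Uri uri = FileProvider.getUriForFile(context, AUTHORITY, backup);

        Intent send = new Intent(Intent.ACTION_SEND);
        send.setType("application/octet-stream");
        send.putExtra(Intent.EXTRA_STREAM, uri);
        // Read access is granted only to the activity the user picks, and only
        // for this URI; every other installed app is still denied.
        send.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        return Intent.createChooser(send, "Send wallet backup");
    }

    private BackupSharer() {}
}
```

The caller passes the returned intent to `startActivity`; deleting the private copy once the transfer is done keeps the file from lingering on the device.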