Steem Keychain should hide private keys by default

in #utopian-io6 years ago (edited)

Repository

https://github.com/MattyIce/steem-keychain
Steem Keychain

I've opened the issue on the GH https://github.com/MattyIce/steem-keychain/issues/80 and also made a comment on the recent Keychain post: https://steemit.com/utopian-io/@blockchainstudio/re-yabapmatt-steem-keychain-update-firefox-version-now-available-20190307t230142429z

Components

  • Private key management
  • UI improvement

Proposal Description

Private key management

Due to the launch of Steem Engine Dex (Steem Engine DEX GRAND OPENING!), more users will use Steem Keychain.

Steem Keychain is the most promising alternative or complementary tool of Steemconnect. (Thanks to @yabapmatt, @aggroed, @stoodkev, @nateaguila) While it's awesome, currently it shows private keys in Manage Accounts without further confirmation, which can be very dangerous.

By the nature of webbrowser plug-in wallet, it is meant to be used by everyone including people who don't even understand the concept or importance of private keys. Even advanced users tend to make a mistake to reveal their private keys accidentally. For instance, they may be on Skype, or hacking tools may monitor private keys. Currently, even for a user to add additional keys, all stored private keys are shown.

There should be additional confirmation step to show private keys.

Mockups / Examples

Before

For a obvious reason, I can't show the screenshot of "before." Currently private keys are shown instead of "Click to show Private Key" (which I suggest below) by default, which can be very dangerous.

For instance, let say you had added posting & active keys before and now you want to add memo key. Then you need to enter this menu, and posting & active private keys are shown without any protection.

After

Private keys should be shown with further confirmation, e.g., "Click to show Private Key".

Of course, it's even better if ask to enter the wallet password again depending on the option. So in the setting page, there should be an option, e.g., "wallet password is required to show private key."

UI improvement

Currently many menus don't have large amount of contents, but still most pages can't be shown without scroll. This is inconvenient. Font size can be smaller (better if adjustable). Or if the heading margin is reduced, the most menus can be fit into one page.

Mockups / Examples

Before


UI problem is not only about menus, it also applies to pop-up windows. This is the actual pop-up for login.

After


How big is the entire content? Not big at all. While this is an extreme example that needs both vertical and horizontal resizes, many menus have similar problems.

Benefits

Steem Keychain is one of the most important projects and will be used by many users. Security is always important. I think not many people expect that it shows private keys without further confirmation. This additional confirmation step enables to keep private keys more secure and users to use it without worrying their keys are exposed by mistakes. In addition, some small UI tweaks will improve UX.

GitHub Account

https://github.com/economicstudio

Sort:  

Hi @blockchainstudio, thank you for your contribution.

As usual, you made a great contribution.
It is clear and easy to read and understand.

Both ideas are common but they will add value to Keychain, so I hope that the POs will implement it as soon as possible. (Maybe you can do it).

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Hi @favcau, long time no see in the reviews :) Thank you so much for your review and feedback. Yes as you said, it's not that special but important. You know what? Steempeak supports keychain! If you trust Keychain and don't want to use Steemconnect that requires posting right authorization, then Keychain will be the future :)

Thank you for your review, @favcau! Keep up the good work!

한글요약: 스팀엔진 DEX 오픈으로 인해 앞으로 많은 분들이 steem keychain을 사용하시게 될 것 같습니다. 아마 앞으로 스팀커넥트의 상당부분을 대체해나가리라 생각합니다. 그런데 현재 키체인은 계정관리 메뉴로 들어가면 무려 private key를 바로 보여주네요. 물론 메인화면에서 클릭 두번으로 가는 화면이라고는 하지만 세상에 너무 쉽게 프라이빗 키를 보여준다고 생각합니다. 전 당연히 위의 제안처럼 click to show private keys등해서 스팀잇에서처럼 한번 더 클릭해야 보여줄거라 생각했고 아마 대부분의 유저가 그렇게 생각할 겁니다. 지금은 키를 하나 추가하려고만 해도 이전에 저장한 프라이빗키가 바로 보이죠. 스카이프등을 하다가 실수로 또는 해킹툴에 의해서 private key가 노출될 수도 있습니다. 특히 처음 쓰는 유저에게 자신이 인지하고 버튼을 눌러서 보여주는 것과(물론 여기에 추가로 원하는 유저는 지갑 암호 재입력도 요구할수있게 하면 더 좋죠.) 그냥 메뉴하나 들어갔는데 바로 키가 보이는 것은 천지차이지요.

ps. 원래 유토피안 제안은 당분간 좀 휴식하려다 이부분은 꼭 바뀌면 좋을 것 같아 작성했습니다.

좋은 제안입니당~♥♩♬
행복한 ♥ 오늘 보내셔용~^^

Posted using Partiko Android

곰돌이가 @bluengel님의 소중한 댓글에 $0.013을 보팅해서 $0.010을 살려드리고 가요. 곰돌이가 지금까지 총 3489번 $41.472을 보팅해서 $43.458을 구했습니다. @gomdory 곰도뤼~

액티브 키 추가하려다가 개인키 바로 노출되는 것 보고 깜놀했는데. 좋은 제안이십니다.~

곰돌이가 @dakeshi님의 소중한 댓글에 $0.014을 보팅해서 $0.009을 살려드리고 가요. 곰돌이가 지금까지 총 3495번 $41.568을 보팅해서 $43.500을 구했습니다. @gomdory 곰도뤼~

네 저도 깜놀했습니다ㅎㅎ 아직까진 정말 극소수 사람만 썼을텐데 스팀엔진덱스때문에 좀 쓰게될테니 차차 나아지겠죠^^

sbi2님이 blockchainstudio님을 멘션하셨습니당. 아래 링크를 누르시면 연결되용~ ^^
sbi2님의 Weekly Upvote Report

...richi0927 | 36.09% | esperando-la-computacion-cuantica
blockchainstudio | 34.01% | jjangjjangman
blockchainstudio | 35.02% | r...


@blockchainstudio님 넘치는 사랑 감사합니다~

처음엔 제가 곰돌이 보팅파워 넘어선줄 알고 깜짝놀랬네요. 곰돌이 보팅파워의 1/2을 넘은 거군요. 사실 이제 거의 비슷하기도 합니다. 곰돌이 스파야 임대가 많으니 어차피 조절하기 나름이지만ㅎㅎ

곰돌이가 @gomdory님의 소중한 댓글에 $0.009을 보팅해서 $0.014을 살려드리고 가요. 곰돌이가 지금까지 총 3486번 $41.429을 보팅해서 $43.432을 구했습니다. @gomdory 곰도뤼~

favcau님이 blockchainstudio님을 멘션하셨습니당. 아래 링크를 누르시면 연결되용~ ^^
favcau님의 Suggestions category - Weekly report: #20

...nts]
  • 60 - 69: none [2 point]
  • 50 - 59: blockchainstudio darewealth, ahyar92 [1 point]
  • Ranking <tabl...

    Hey, @blockchainstudio!

    Thanks for contributing on Utopian.
    We’re already looking forward to your next contribution!

    Get higher incentives and support Utopian.io!
    Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

    Want to chat? Join us on Discord https://discord.gg/h52nFrV.

    Vote for Utopian Witness!

    zorba님이 blockchainstudio님을 멘션하셨습니당. 아래 링크를 누르시면 연결되용~ ^^
    zorba님의 [2019/3/7] 가장 빠른 해외 소식! 해외 스티미언 소모임 회원들의 글을 소개해드립니다.

    ...an님, 태국에서 jisoooh0202님, 미국 캘리포니아에서 livelyshawnee님, 영국에서 blockchainstudio gomdory님, 일본에서 sizuko님, 프랑스에서 eric66님, laylador님, 네덜란드에...

    짱짱맨 호출에 응답하였습니다.

    감사합니다 :)

    Hi @blockchainstudio!

    Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
    Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
    Feel free to join our @steem-ua Discord server

    Coin Marketplace

    STEEM 0.22
    TRX 0.26
    JST 0.040
    BTC 98454.72
    ETH 3466.95
    USDT 1.00
    SBD 3.20