Discussion about the password requirements in SAFE Launcher


#1

Just a question for thought, but who are we to say how secure people’s passwords etc need to be?

Should we really set these “minimum” limits? A few thoughts,

  • Whose granny will remember two phrases, if the latter has to be min 25 chars with special characters / numbers?
  • Why not set these minimums as guidelines and at the most set a warning that tells people they are making an account with a poor password… but people should be given the choice to proceed

There will be all sorts of people using SAFE, just like with the internet today, so test accounts will be made, etc. All sorts. Lets let people make their credentials as simple as they like, right? We can give warnings but I think it may be severely off-putting to set limits I hope I am explanining the difference well enough here.


SAFE Network - TEST 7
SAFE Network - TEST 7
#2

Login security is a very hard thing for us to get right. I agree with @whiteoutmashups reasoning, up to a point… the point at which I think, well this isn’t just another login, it’s the master login for everything you do on SAFEnetwork. Like the login to your password manager for example.

So we need to do more than encourage people to make it secure I think. More like, make it hard for them not to make it secure! While also making it as easy to use as possible.

Tricky!


#3

The best I can come up with in a few seconds here is security questions, like a series of “best friend’s name?” “first kiss?” “favorite car?” etc etc, and you have to fill out 20 to register an account lets say, and to log in each time you have to answer 5/6 correctly or something.

I still think we should scrap all that though, and let people make simple accounts (possibly with the ability to change/ improve security later if they choose to use the account longer term).

I don’t think people will transfer all their savings into a test account they create in a few seconds anyway. These security steps should be optional, and can be added by people when / if they so choose.

But I just don’t think its right to unilaterally require it on all accounts for a network that we are expecting to become the next massively-adopted internet. Because it will definitely get in the way of that. Definitely…


#4

let us not forget that we are simply making the internet (network) here, and wallet apps on SAFE etc can all have their own additional security before sending coins / funds as they see fit.

Let us not prohibit / create any barriers to getting people using SAFE, please


#5

I see what you’re saying but people will pick password123 like idiots and then blame maidsafe and call out like a canary that the safe network is not secure at all


#6

anyone worth listening to won’t say that, and every box of crayons has its dull ones :slight_smile: but I think it will create a much more powerful internet if everyone is allowed to login… and this really isn’t enough of a reason to make the network harder for the 7 billion different people (with different thresholds on how many numbers / letters they can remember) out there to log into…

or else they will (mark my words… will!) just go back to the easy clearnet anyway and get their credit cards / accounts etc hacked all over again… Which is no better!


#7

If people are being held back because the password is too long than that’s really their own fault. I also would like to see that I can use 6 character because I’m lazy sometimes but security goes before anything else on the network and if 6 characters would have been as safe as let’s say 15 capital letters, number etc., I guess Maidsafe would have chosen to keep it at 6.

Everybody is allowed, more characters doesn’t change that of course


#8

this extra security should be left to the higher levels, in my opinion.

There are such fewer barriers to creating profitable apps on SAFE than anything that exists today, so countless apps will be made. And great selections will exist.

So people’s wallet apps will have all types of additional security, and the markets will flock to the most secure apps.

My main point here is we are just making the internet… and today’s internet has NO password to it, so since we are introducing that concept with SAFE, we need to keep the password / credential part as simple as possible, in my opinion, and leave additional security of funds / etc to higher levels if people need them / choose to have them

I definitely disagree with this point right here… not everyone is as comfortable with computers as you are, there’s all different types of people out there. I’ve met many who barely know how to type


#9

Those extra passwords won’t be needed if the access to the network password is secure. If we’re implementing multiple passwords because the first one isn’t secure than people need to remember more characters and for different applications than they would have with the option right now.


#10

You and me disagreeing? What?!! :wink:

If people don’t know how to type I’m not sure if they know how to use the network itself because they’re probably illiterate? Going off-topic from Test7 so if you want to continue the discussion I can move it or should we let it rest for the future :blush:


#11

and this will be the case, for some (hopefully many) SAFE users. One great set of credentials for everything. But who are we to speak for everybody?

I think we should just allow for everything, and then things will happen naturally. That is best. Apps will allow you be fine after you login with your credentials, or offer additional security options. And if you’re happy with your core network password then fine, don’t use anything else. Great! Easy!

But I don’t see any reason to require ALL accounts to have such long passwords. Limits should be removed. …Freedom, right? Right?


#12

Maybe anyone from Maidsafe (or somebody else) can explain the security differences between for example 6 simple letters or the requirements right now?


#13

ok it’s fine, definitely related to TEST 7 I think because it has to do with how TEST 7 handles passwords.

But ok I’ll stop I’ve said my bits


#14

@whiteoutmashups:

I just don’t think its right to unilaterally require it on all accounts for a network that we are expecting to become the next massively-adopted internet. Because it will definitely get in the way of that.

Agreed, and stories of people losing their life savings / precious data to ransomware / < fill in disaster here> … will hurt adoption too. :wink:

My first thought is I think something David has already talked about: a multi layered login.

So you have two or three (or more) passwords for the same account, with each giving increasing access. So you have:

Level 1: Read/write access to the root folder and to a default Safecoin wallet called “wallet”.

Level 2: Similar but now you can see & access a subfolder “confidential” and wallet “savings”, which are not even visible from level 1.

Level 3: Now you have access to folder “secrets” and a wallet called “fort knox”, neither of which are visible to levels 1 or 2.

The naming could be improved (and only given as defaults for each level that can be customised) but it illustrates the idea. The difference with separate accounts is that each level gains access to all the lower levels, and also that the Launcher can guide the user in creating credentials of appropriate strength for each level - according to an example use case.

The Launcher would require, or strongly encourage :slight_smile:, increasingly strong credentials for each increase in level, and provide guidance on how secure each level is expected to be - appropriate to the example use case for that level.

I have no idea how hard this would be to implement, but at first thought it seems to strike a useful balance and be fairly easy to understand. Problem though, it’s requiring multiple sets of credentials, which of course makes it harder to use.

Where things like 2FA are available these could simplify matters a lot by requiring them for certain levels rather than having separate credentials for each level. Another option would be to use the same credentials, but only allow access to secure levels from a particular devices (a bit like using ssh passwordless login from permitted devices).


#15

It’s related, but we can make a new beautiful topic as well as it’s very important. My idea would be:

Any symbol and uppercase should count for 2. So “iplaybingo” is 10 chars.
But “Iplaybingo#” is 13 chars. Even while it’s only 1 char more.

Or make them even count for 3 chars…

So, build in some double/triple counters and we should be good ;-).


#16

Worth reading this as the start of such things. For now we went with a strength meter that takes much of this into account.


#17

Count me in for being happy with the secret + password solution we currently have .

If we shall compartmentalise further our accounts with different levels of access ,
let’s maybe consider having a ( :lock: ) locking option for folders & wallets with different
permissions , maybe including multiple :key2:keys or signatures to open or have full access
to some . Ideas we can and may want to use as everything evolves beyond this first level of
interaction , when also safecoin , apps , distributed computing , smart contracts arrive …


#18

Last last comment on it (I promise!) but thinking back on it after a few hours, I realized that it’s all open source anyway so many launchers can and will be made,

So the burden is not actually on us now to sort out the password solution for the entire internet forever anymore :slight_smile:

A relief. So do as you see fit with your launcher, team :slight_smile:


#19

This post was flagged by the community and is temporarily hidden.


#20

Absolutely. We don’t need more than a warning that the password choice is insecure imo, anything more than clicking ‘ok’ to that will be resented by those who don’t really care and think their password choice is secure enough for their needs.

I understand the desire to protect people from themselves, but in my experience that’s usually a mistake. Surely it’s better to just protect SAFE credibility by making them click ‘proceed anyway’ when you’ve warned them that their choice is insecure? You could even add some warning text in red, visible when they type it in every time they log in, so they are constantly reminded that their pw is too short if you want to try to encourage people to be sensible. I really dislike creating a ‘turn-off’ by forcing such a long pw before the user has even logged in for the first time. What if they plan on it just being a throw away account while they take a look at the network? They can always decide they like it and then improve the pw later on can’t they?