Discussion about the password requirements in SAFE Launcher

With all these password discussions it’s making me think for now it should be extremely simple to prevent users from getting frustrated when testing. Encryption and data integrity aren’t being bothered with in the tests and not sure why implementing such a hard password scheme right now is beneficial. I know it will be needed in the future but something right now shouldn’t be driving testers away. Just my opinion but you know what they say about opinions! :stuck_out_tongue:

My view is that the primary purpose of SafeNet is to provide a secure and private alternative to the open internet. Therefore, those attracted to it will be those who value such security and privacy.

The truth is, many millions of people won’t care less. They do not value such security and privacy. But those who do will also understand the need for secure passwords/access and will not be your typical “granny”.

Your comments apply to retail users. Business owners (i.e., people who hire technical staff) do care even if they know nothing of the technology.

Do something like what steem does.

Create your username, and it will auto-generate a password for you. Save it to the password manager, and you’re set.

1 Like

Then I mod the launcher to not auto generate because I don’t use password managers. And SAFE will be the ultimate password manager for the SAFE network.

You lose your password manager then you’re sunk, and please don’t tell me it’s an online one. At least if you use a phrase that you are comfortable with and it passes a strength test then you are in such a better position.

4 Likes

Users are very bad at choosing strong passwords and they also have the habit of reusing the same password (this can be confirmed by just checking out the last big database leaks), and even if they choose a strong password, most of the time they will forget it after a few weeks have passed without using it, so I think the best way forward is for SAFE to generate a random secure password at signup and to also offer an option to save it to a password manager or to a file from where the user can copy+paste it, or have an option to remember it.

This way we prevent user stupidity as much as possible, or else a lot of users will be hacked just by checking usernames+passwords from hacked databases and they will say the network has been hacked when it’s their own fault… This way the only way a user can be hacked is either by phishing him or by infecting his computer, both of which are the user’s responsibility, and we have already done everything we could to prevent this; keeping the credentials safe is the user’s responsibility.

PS: For more advanced users there should be a checkbox or something that lets you choose your own password at your own risk, with a big caution warning, BUT please let’s not forget that SAFE is for everyone and the usual internet user is not as technical as most of the users here. Let’s try to make it as hard as possible for an account to be hacked in order to protect the usual internet user who doesn’t bother with knowing all the pitfalls of reusing a password or what a strong password is and why it matters. Technology should empower all people by making it as easy to use as possible, but not at the expense of security.

2 Likes

The new launcher is somewhat mad, I can have a four word / 14 char passphrase that’s ‘strong’, until I add the final character and complete a word, which is then suddenly ‘weak’.

Whether or not we’re calling using dictionary words ‘weak’ here, adding an extra char shouldn’t so dramatically influence the strength at 15 chars, should it?

Yes, you will see some things like this; there’s more insight here: zxcvbn: realistic password strength estimation - Dropbox

Interesting. I’ll give it a read!

Is the Dropbox lib what’s being used in launcher then?

Yes we are using this in launcher :wink:

1 Like
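The behaviour discussed above (a passphrase scoring lower once its last word is completed), as an added example that is not part of the thread and is neither the launcher's nor zxcvbn's code. It is a simplified estimator with a constructed word list and assumed guess constants, in which an unfinished word is costed as brute force while a completed word is costed by its dictionary rank.

```javascript
// Simplified model of a pattern-matching strength estimator (NOT zxcvbn itself).
// RANKS is a constructed frequency-ranked word list; real lists hold tens of thousands of words.
const RANKS = new Map([['my', 15], ['cat', 200], ['is', 5], ['fabulous', 900]]);
const BRUTEFORCE_LOG10 = 1;          // assumption: an unmatched character costs 10 guesses
const SCORE_LIMITS = [3, 6, 8, 10];  // assumption: log10(guesses) cut-offs for scores 0..4

// Find the cheapest way to cover the password with dictionary words and
// brute-forced single characters, minimising the product of guesses
// (a sum in log10 space). Returns { log10Guesses, score, parts }.
function estimate(password) {
  const pw = password.toLowerCase();
  const best = [{ cost: 0, prev: -1, kind: null }];
  for (let end = 1; end <= pw.length; end++) {
    // Default: treat the last character as brute force.
    let cell = { cost: best[end - 1].cost + BRUTEFORCE_LOG10, prev: end - 1, kind: 'bruteforce' };
    for (let start = 0; start < end; start++) {
      const rank = RANKS.get(pw.slice(start, end));
      if (rank === undefined) continue;
      const cost = best[start].cost + Math.log10(rank);
      if (cost < cell.cost) cell = { cost, prev: start, kind: 'dictionary' };
    }
    best.push(cell);
  }
  // Walk the back-pointers to recover the chosen segmentation.
  const parts = [];
  for (let i = pw.length; i > 0; i = best[i].prev) {
    parts.unshift({ token: pw.slice(best[i].prev, i), kind: best[i].kind });
  }
  const log10Guesses = best[pw.length].cost;
  const score = SCORE_LIMITS.filter((limit) => log10Guesses >= limit).length;
  return { log10Guesses, score, parts };
}

// Constructed inputs: 14 characters with an unfinished last word, then 15 with it completed.
for (const candidate of ['mycatisfabulou', 'mycatisfabulous']) {
  const { log10Guesses, score, parts } = estimate(candidate);
  const shape = parts.map((p) => (p.kind === 'dictionary' ? `[${p.token}]` : p.token)).join('');
  console.log(`${candidate}  ~10^${log10Guesses.toFixed(1)} guesses  score ${score}  ${shape}`);
}
```

In this model the unfinished 14-character input is the stronger one, because its last seven characters match nothing in the word list; completing the word replaces that brute-force cost with a single ranked-word guess.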

I’d like to suggest reading this article. I find it to be quite informative: Passphrases That You Can Memorize — But That Even the NSA Can’t Guess

So considering what I’ve read here (skipped some parts) and what I know so far, I’d like to suggest giving the users at least two options. A small “tutorial” (a few slides) in a sidebar would complement their decision making. Using a sidebar, users wouldn’t have to open anything else to quickly slide through them. Depending on their choice, the slides change accordingly.

Basically we could offer to either

  1. Let them create passwords; the sidebar would explain the pros and cons: passwords are hard(er) to remember, but can be very secure if they are long enough. Most ppl are used to it.
     - Dropbox library, password strength meter, min amount of X, just like now I guess? The sidebar explains why it’s good to use different characters etc.
  2. Let them create a passphrase; the sidebar would explain the pros and cons: passphrases are easy/easier to remember, and can be just as secure if the words are randomly chosen. For some people it’s new.
     - possibility to create own passphrase, but suggest to use the random generator; sidebar explains importance of random words that make no sense as a sentence (or sth like that)
     - random passphrase generator

Sounds too complicated? What do you think?

1 Like

Ahem,