Launcher/Logging In

Just a thought regarding the Launcher and logging in. There should be a Forgot Password function, as some people are going to forget their login information

Hmmm…that would be a good feature but may have to be tweaked as the login and password are never actually sent to the network, they remain on the client machine.

I suppose you could set hint questions, etc that are stored on the local machine as well…

In fact they do not even exist there, only in your head :wink: The system does not write passwords anywhere and never sends them across the network or stores them on the network.

There is a way to securely share account details via Shamir etc. but it’s not in place. So think, unbreakable safe and folk want a backup key for it :smiley: it’s a conundrum. In our case we can do something about it, but it will reduce security to trust in those you share pieces of passwords with not to collude.

For safecoin etc. you can have several accounts who all need to sign the coins. That’s another mechanism though (N of P signatures).

9 Likes

Holy cow! I didn’t realize that! Now that is pretty amazing…I suppose with great security comes great responsibility!
I guess I can always just write my password on a post it and stick it under my keyboard. :yum:

6 Likes

Q about app permissions, where do they get stored actually? Are they already stored within the network itself or is this somewhere locally on a machine running the os with the launcher and the apps itself stored? Wondering if it would make sense to store perms within the net via fingerprint hash etc of the launcher and app binary combinations and so forth.

I have not been in the launcher parts so much (stuck in lower levels and other parts of the business), but yea AFAIK all the perms etc. are stored on the network in session packets (encrypted known only to your client. Apps are fingerprinted and each fingerprint is recognised by your launcher.

2 Likes

All the more reason that users will be tempted to use pin==keyword==password, I use keyword==password atm but wonder that should be challenged later by the launcher.

2 Likes

I see, thanks. ^^20 characters

Brings me back to the one question I had the last iteration of the testnet, if and how are the limits of those three fields of secrets. How long are the strings and what is being derived from what later on. Didnt have time for the source code just yet.

Also the launcher should in my opinion more prominently display that i am CREATING an account at the moment or i am trying to ACCESS an existing account at the moment throughout the login/create process. Often I wana login already although havent created the axx yet.

Thanks and cheers.

1 Like

There should be no limit, any is an error. The PIN though may be limited to numerics only.

4 Likes

The best solution is a multisig password. If the button is not pressed in a month, then it sends password to the original owner. The two clients will relay the button message. As long it continues to pressed, it doesn’t have to send the password to the original owner. The problem is having three clients up and running. You could theoretically trust two of your friends, instead.

Paste function appears to be disabled in Launcher (Pin, Keyword and Password) fields. Is this something that will be changed? I find it very frustrating to login when I cannot use a password manager. This has ultimately lead to me giving up on testing the latest releases more often than not.

This is certainly one of the weirdest things what people have said took them from testing.

Password managers will be irrelevant on the SAFE network because passwords arent needeed anymore.

Paste works fine on Linux.

That’s great that it works in Linux. I’ll do my work there instead, then. Paste is not working in MacOS, however. I assumed that it’s a bug and likely specific to the OS. Hoping that it gets fixed because remembering three unique pieces of information is inconvenient, especially for something as new and radical as MaidSafe.

Am not too sure of the details of if its a bug but in OSX it can be a very intended feature from the framework too considering OS default password fields dont support cut/copy/paste. for example if you went to “System Preferences” -> “Security & Privacy”

Now if you hit the “Lock” at the bottom left, it will ask you for your admin password in a field that by default wouldn’t allow operations such as paste.

This has been a known/intended limitation(for security reasons) in the OS for a while and there are workarounds such as what is proposed http://apple.stackexchange.com/a/105960 to get around it. The same workaround works fine with launcher on OSX too. Just tested locally if it helps.

1 Like

maybe gui objects like right mouse click and such are disabled or invisible and not being able to trigger, but operating-system level functions via e.g. keyboard such as copy paste are working at my place at least, linux with kde. ctrl+c ctrl+v

I can confirm that an account, ID and website I created 16 hours ago and haven’t accessed again until now, is working. That is a big improvement, so the safe_vault binary is indeed more stable (data retention) than before.

I’ve got another account that I haven’t touched and I’ll try it tomorrow morning, which will be an interval of at least 36 hours.

1 Like

I made an account yesterday at home and work perfectly today at work. All files OK.

The best, the Safe Launcher work continuously without blocking.

Previous versions, at least in Windows, need to reset continuously.

1 Like