Two passwords for login process

Terminology Suggestions requiring 2 login entries.

  1. Public Key ~ Private Key… This is used by crypto communities.

  2. Login ~ Password… This is old school but classic.

  3. Account ~ Password… This is the most widely used today.

I prefer #3 because it doesn’t conflict with Public ID’s, and most systems are already using it. I find it amusing we have gone in a circle with the login process.


We also need to consider here hardware devices. So for instance trezor BIP39 etc. are about account recovery and also some simplicity with security (if carrying a yubi key/trezor is simple). In any case we discussed this earlier, but bitcoin has from day 1 had local stuff on a machine (wallet.dat). We start with the premise nothing is stored locally. A hardware device would change that, but then deterministic key generation is not so valid.

I am just throwing this into the mix here. It’s probably safer to have nothing stored locally, but some devices require that, so there are two schemes really when looking at this, a stored local encrypted thing and a store nothing generate everything thing (like SAFE just now). There is correlation that’s interesting to consider though.


It goes back to security versus convenience. I didn’t say Lastpass and yubikey was my only solution, if I had others I would probably never mention those :wink:. To me the weakness in the current password/login environment is the servers/applications are the weak point so that is why my lastpass with a physical 2FA allows me to easily (desktop or mobile) to make a unique password (Often 40-60 characters) and often unique username for each application/website with relative stronger security than me doing it manually; yes I have to trust lastpass/yubikey and I am always looking for a better option. SAFEnetwork changes all of that (No servers, self encryption, self authentication, single login) and the launcher will be the gait keeper as I understand it in governing what data is shared with applications in the network.


Rather neat idea @chrisfostertv. Problem is of course it is more work and the project is already short of resources.

I do think though its a great advert/incentive for SAFEnetwork to have it solve multiple security issues.

I’ve never trusted a password manager myself - because it seems to me a single point of failure and creates a very tempting target: instant access to all accounts of a user, and if it is replicable, to all accounts of multiple users. Its a bit like using Windows, you become more likely to be targeted.

So I have always preferred being able to choose my own passwords and have developed a scheme (actually multiple schemes, none of which are written down) that allows me to have different complex memorable passwords across multiple systems and never re-used. If there was a password manager in something like this though, I might be persuaded and I think people would find it attractive as part of the SAFEnetwork “secure” brand.


Will the launcher account creation/login be open to 3rd party folks like clef, Tezor, Lastpass, Authy, etc be able to help their customers with login management? Of course the best way is direct access to the network and that is how most here will do it, but I’m thinking about my grandmother here and what she does when she lost her password.

I would love to have choices between login solution(s) that fit my security vs. convience needs.

1 Like

Nice idea actually, we should pursue that a bit further. If possible then it makes an awful lot of sense where folk are secure aware, to provide such a mechanism. The nice thing as you say is recovery and simplicity of use (admittedly after a more complex setup). I looked at this a wee while back and with small on board ARM usb type devices it’s not out of reach, by any means, but an API that would be compatible with such devices would be even simpler.

We still do need to cater for the rest though, but this is very valid.


You know what. I think I liked Keyword/PIN/Password way better. It’s segmented and easy enough to remmember.


Would a medium strength password plus 4 number pin be sufficient? That seems the most natural approach to me.


Is there no way to just use pin and pw with a slightly higher min character count for the pw? I think most people can handle remembering two things and we’re used to the idea of pin numbers already.

1 Like

lol, great minds :stuck_out_tongue_winking_eye: either that or fools rarely differ :wink:

1 Like

At a certain point, you can’t design or engineer around people. People seem to be able to keep their SSN relatively safe, they just need to treat their passwords the same way.

… a deep learning beast that uses 4 NVIDIA GPUs and a password cracking tool called Hashcat. Hashcat lets you do different types of password cracking. Thanks to these GPUs, Hashcat takes billions of plain-text passwords and hashes them using MD5 at a rate of 40 billion per second :


WOW thats fast.

Anyhow speed is not of great benefit here. We are not cracking a locally stored password but one that in all likelyhood can only be tested 3 or less times a second due to lag. The password or details are not stored on your local machine but has to be retrieved and checked if its worked properly and not a dummy account. Just the dummy (random fake but real looking) account will make automated checkers difficult to design.


This post was flagged by the community and is temporarily hidden.


Keep in mind that just because you can only test 3 password guesses at a time per second (or within whatever time frame) per account does not mean you can’t set up a script to cycle through cracking multiple accounts per second and then come back to the failed tries later. Failed, next, failed, next, failed, next, repeat.

I like this. Though keep in mind humans can’t remember sequences longer than strings of 7 or 8 characters/steps. That’s another reason we sequence things and break them down. We often aren’t remembering the full sequence, just the last couple digits and then attatch the appropriate area codes that we know are applicable. Another example would be CD keys or to use a more contemporary example Steam game keys which consist of a string of numbers and letters broken down into sequences with hyphens. This string need not be strictly numeric but the segmentation aspect mentions is important. Also having a password/pin/string generator would be handy to include in the launcher for such purposes.

1 Like

Here it is in code:

Cool to see that a PIN is derived from the 2 hashes. So the PIN is not gone, it’s created by some math and we never see it as far as I understand this one :kissing_heart:.

1 Like

There are other deterrents to brute force. If you dig under the hood, in the code you will find an Scrypt based password hashing:

We currently set the values to and

That means we use around 16 MB’s of RAM and over 500 thousand computations (thus a lot of cpu cycles), twice, to generate the final crypto keys which will locate and decrypt your account. Brute forcing a plain text password as mentioned shouldn’t be as easy. Further those limits are currently a recommended base line. If increased, it can be made to utilize ~1 GB of RAM and intense number of CPU cycles (as mentioned here, a ~2 secs on a 2.8 GHz i7 !). So while the correct credential will take a ~2secs to generate correct keys and then fetch the packet from the network and then decode it, rapid succession of incorrect ones stand a slim chance. If you choose a strong password yourself, plain text brute forcing is going to be a big ordeal.


IMO Suggested passwords and password managers should be able to solve the problem.

At least suggest strong passwords but let the user set their own if they wish? To be scrutinized by a strength meter if it’s set independently.

Defensive Security | 52:30 - 1:02:00

1 Like

It may end up being there are multiple launchers: one that accepts a single passphrase, one with three-part login, one which expects bip39, one which requires a file containing encrypted credentials, one that uses sqrl etc… after all, this is just a way to derive an underlying secret.

I can see the maidsafe launcher will be ‘the main launcher’ and default for all new users, but it’s not like it must be the only launcher.

A good option is to have a widget built into the launcher create-account process which can generate passwords in various formats and to various strengths to suit the user.

To me the biggest problem with login is brains can’t generate randomness. It’s up to the app to provide as much help generating a random password appropriate to that user both in format and in strength.


generate, tag and store passwords [quote=“mav, post:39, topic:10326”]
I can see the maidsafe launcher will be ‘the main launcher’ and default for all new users, but it’s not like it must be the only launcher.

Lastpass Launcher - ‘Secure Access For Everyone’ on every network :wink:

1 Like