Password on transaction flow

[faboweb]

As of user feedback we decided to not persist the password in the state. As a result we will ask the password on every transaction.

Scope:

• The transaction modals will need a new input field to enter the password.
  • Note: the password needs to be passed through to the send function
• Design the new modal signing flow Implement multi step action modals #1735
• On login the user doesn't need to enter a password Remove session sign in/up for read-only purposes #1718
  • We could just remember the last login and skip the login screen (yeah!)

[jbibla]

On login the user doesn't need to enter a password

i think we should let users choose if they want this

[cwgoes]

Different users may have different requirements. For me this would make a lot of sense, for two reasons:

• Often I might open Voyager just to view state / check if I've received a transaction, for which I will never need my password (or Ledger).
• When I do in fact send transactions, I want to double-check each before I send (lest I click a button by mistake) and I don't mind being prompted for my password each time (I'd rather be, since it's clearer that I'm "signing something").

I think it also helps with application security, since we no longer need to persist the password in state (so any kind of code injection wouldn't be able to copy it, although they could still display false things to the user).

[jbibla]

thanks for the input @cwgoes! i think this makes a lot of sense and was excited to hear the idea!!

Often I might open Voyager just to view state

true, but i feel some folks might like the comfort of knowing that if someone else uses their computer or if they are on a public machine that a password will be required to view "their state"

voyager on the web will provide a hub-wide state view - but for accounts which include an account name and certain preferences over time, this could feel like an invasion of sorts. that's why i like giving the user the option (a checkbox that asks whether or not they want to enter their password to view their state)...

we no longer need to persist the password in state

yep. this sounds great.

[faboweb]

isn't the state public anyway?

[jbibla]

technically, yes. but "logging in as someone else" doesn't feel right. what your proposing would mean you could pick any address and use voyager as if it were your own account ... right?

[faboweb]

you could pick any address and use voyager as if it were your own account

yeah, let's discuss today

[faboweb]

Note: This would probably mean 2 passwords. One for the local account. One for the private key. Am I correct?

[jbibla]

good question - we'll discuss!

[faboweb]

• we have one password for the private key (for signing)
• we have no password for the settings (for logging in)
• we auto login
• we sign on a transaction

[fedekunze]

Often I might open Voyager just to view state / check if I've received a transaction, for which I will never need my password (or Ledger).

That's true, we can include that behaviour once we merge in the explorer as the read-only version of voyager. I'll create an issue.

[fedekunze]

On login the user doesn't need to enter a password
We could just remember the last login and skip the login screen (yeah!)

I'd change this to remember the last address for querying purposes

[faboweb]

The last feature needs more thinking is handled in #1953