Security feature: Show seed phrase only after entering password #872
Labels: enhancement, good first issue, security
Is your feature request related to a problem? Please describe.
When logged into JAM, any user of that computer can easily access the seed phrase by simply selecting "Show seed phrase" as shown in the attached screenshot. This presents a significant security risk, as there is no additional authentication step required to view this sensitive information. This lack of a security barrier could lead to unauthorized access to the wallet if someone else gains temporary access to the browser window.
![image](https://private-user-images.githubusercontent.com/121948323/389442077-5c1e092b-aa0d-458d-8836-b76b8e140316.png)
![image](https://private-user-images.githubusercontent.com/121948323/389442200-940377fa-9c9f-4383-b972-283cbf3b6063.png)
Describe the solution you'd like
Implement an additional layer of security for displaying the seed phrase. Specifically, when a user attempts to view the seed phrase, they should be prompted to enter their wallet password again. This step would ensure that only the legitimate wallet owner can view the seed phrase, adding an essential security checkpoint.
Describe alternatives you've considered
Timed Access: Allow the seed phrase to be visible for only a short period (e.g., 30 seconds) after successful authentication, after which the user would need to re-authenticate to view it again. Or lock the browser window after a certain amount of time.
Additional context
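The password re-prompt and the 30-second timed access requested above could be combined in one gate, as in this added example, which is not JAM's code. `createSeedRevealGate`, `fetchSeedWithPassword` and the result shape are hypothetical names, and the example assumes the backend releases the seed only in response to a correct password.

```javascript
// Added example; every name here is hypothetical, not JAM's code or API.
// fetchSeedWithPassword(password) stands in for a backend call that returns
// the seed phrase only when the password is correct, and null otherwise, so
// the seed is never held by the page before re-authentication succeeds.
function createSeedRevealGate({ fetchSeedWithPassword, ttlMs = 30_000, now = Date.now }) {
  let seed = null;
  let expiresAt = 0;
  let timer = null;

  // Drop the seed from memory and cancel the pending auto-hide.
  function hide() {
    seed = null;
    expiresAt = 0;
    if (timer !== null) {
      clearTimeout(timer);
      timer = null;
    }
  }

  // Every attempt starts by hiding, so a failed retry never leaves an
  // earlier reveal on screen.
  async function reveal(password) {
    hide();
    if (typeof password !== 'string' || password.length === 0) {
      return { ok: false, reason: 'password-required' };
    }
    const result = await fetchSeedWithPassword(password);
    if (typeof result !== 'string') {
      return { ok: false, reason: 'rejected' };
    }
    hide(); // also cancels a timer set by an overlapping reveal() call
    seed = result;
    expiresAt = now() + ttlMs;
    timer = setTimeout(hide, ttlMs);
    if (typeof timer.unref === 'function') timer.unref(); // Node only
    return { ok: true, expiresAt };
  }

  // What the UI may render right now: the seed, or null once expired.
  function current() {
    if (seed !== null && now() >= expiresAt) hide();
    return seed;
  }

  return { reveal, current, hide };
}
```

The UI would render `current()` instead of keeping its own copy of the seed, and call `hide()` when the settings view closes.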