The BitShares Hosted Web Wallet is ready...

[mike623317]

Is there any way to backup my online wallet?

1) Click on the drop down menu labeled with your account name near the top right corner and click the item labeled "Advanced".
2) Click on the "Wallet" tab.
3) Type in your wallet password in the text box next to the "Brain-Key" label.
4) If you type in the password properly, it should display your brain key in the text box.
5) Copy that brain key somewhere safe. If anyone gets access to those string of words, they will get access to all of your accounts and funds in that web wallet.
6) You can later use that brain key to recover your wallet on another computer/OS/browser (or on the same browser if you were to clear your browser local storage).

Thank you

[arhag]

Is there any way to backup my online wallet?

1) Click on the drop down menu labeled with your account name near the top right corner and click the item labeled "Advanced".
2) Click on the "Wallet" tab.
3) Type in your wallet password in the text box next to the "Brain-Key" label.
4) If you type in the password properly, it should display your brain key in the text box.
5) Copy that brain key somewhere safe. If anyone gets access to those string of words, they will get access to all of your accounts and funds in that web wallet.
6) You can later use that brain key to recover your wallet on another computer/OS/browser (or on the same browser if you were to clear your browser local storage).

[mike623317]

Hi,

Is there any way to backup my online wallet?

Thanks
Michael

[Thom]

Kewl!

Thanks arhag!

[arhag]

I googled it, but can't find any def for "brain key". Would someone explain what that is or point me to a definition?

A brain key is basically a passphrase that deterministically generates the wallet master private key. The wallet master private key deterministically generates the owner private keys for all of the accounts created in the wallet. So if you know the brain key of a wallet, you can easily get access to all of the accounts of that wallet.

When creating a new wallet it is possible to specify a custom brain key (that is advanced usage), but typically a random one is generated by the computer when creating a new BitShares wallet.

It is called a brain key because if you are able to memorize this key (or alternatively create a wallet with a slightly more memorable brain key passphrase than a randomly generated one), you can gain access to all of your funds and accounts at anytime solely from the knowledge stored in your brain. And if you do not store this key or any other relevant keys derived from this key anywhere else, then you maintain exclusive control over your funds in your head and the only way anyone can get access to it (assuming the passphrase is actually good enough to not be brute forced) is if you choose to give up the brain key to them (excluding rubber-hose cryptanalysis of course ).

[arhag]

The masterkey is random .. something humans cannot generate ..

But you have to write it down, which leaves an attack vector open.

That's a different kind of attack. The attacker would have to attack that specific victim (by breaking into his home and stealing the paper he wrote the brain key down on, or hacking into his personal computer).

However, if the brain key is chosen by the user rather than randomly generated by the computer, then the attacker can just go through a rainbow table and even just brute force simple password combinations and eventually find some victim (not a particular one just any victim who chose an easy password). We can guarantee there will be users who choose easy passwords (the password doesn't even need to be that simple to brute force) and these users will be hacked if the wallet master key is solely derived from a password the user chooses.

[Thom]

I googled it, but can't find any def for "brain key". Would someone explain what that is or point me to a definition?

Thanks!

[monsterer]

The masterkey is random .. something humans cannot generate ..

But you have to write it down, which leaves an attack vector open.

[xeroc]

The masterkey is random .. something humans cannot generate ..

[monsterer]

it seems some complicated for now.
Maybe we can learn NXT web wallet : secureae.com

NXT uses the password to derive a brainkey .. this is a security issue and different in this wallet for that reason

How is this a any different than a single master key to recover all accounts?

[xeroc]

it seems some complicated for now.
Maybe we can learn NXT web wallet : secureae.com

NXT uses the password to derive a brainkey .. this is a security issue and different in this wallet for that reason

[xiahui135]

it seems some complicated for now.
Maybe we can learn NXT web wallet : secureae.com

[merivercap]

I've tried to log in the web wallet with what I remembered as the password, but it's not working.

Is there any recovery mechanism as I continue to try?

I tried login with my password and it went to create a new account. I entered my saved brain key for the new account and it opened my existing account.

Great thanks!   I tried and it worked!  Awesome.  I guess it would be nice if there was a recover link on the first Log in page... but happy I'm able to access now. 

[konelectric]

I've tried to log in the web wallet with what I remembered as the password, but it's not working.

Is there any recovery mechanism as I continue to try?

I tried login with my password and it went to create a new account. I entered my saved brain key for the new account and it opened my existing account. 

[konelectric]

This BitShares web wallet has the same trust/security model as blockchain.info. So if you trust blockchain.info you can (in theory) trust this web wallet (although I cannot vouch for the security practices of whoever is managing the wallet.bitshares.org host compared to the blockchain.info servers). Now call me paranoid, but I personally do not trust blockchain.info with my BTC for the reasons I already stated earlier in this thread, so you can imagine I would feel the same way with this BitShares web wallet.

My blockchain wallet has an email confirmation to login and one to withdraw funds. My bitshare web wallet dose not. 

Also I notice the bitshare web wallet don't have any account backup.