BitShares Forum

Main => General Discussion => Topic started by: JonnyB on March 27, 2017, 04:13:31 pm

Title: New "Steemit style" login for Bitshares.org/wallet
Post by: JonnyB on March 27, 2017, 04:13:31 pm
New "steemit style" login, "quick buy" options ++.

New login model

There are several big changes in this update, but the biggest one has to be the addition of a new method of accessing your account. Similar to how Steemit handles password-based login, the new method lets you set a password (preferably a very long one) that is then used to generate your private keys. As in Steem, the formula is account_name + role + password. This allows you to log in from anywhere, completely bypassing the original method of having a wallet that is stored in your browser.

The advantages are:

Ease of use
Accessibility
Reduced complexity

As long as you choose a sufficiently long and complex password (use a password manager!), your keys are safe.

(https://steemitimages.com/0x0/https://steemitimages.com/DQmdgmRx4vfd9HQkp2jDsWigenTyfRCsr2RDvUVYWdyMjBD/login%20selection.png)

If you already have a regular Bitshares wallet, you can migrate to the new model (or use it in combination with the old) by using the 'Account model' form located under Account -> Permissions.

(https://steemitimages.com/0x0/https://steemitimages.com/DQmV6s5qnc1Kz57B9xwxsCw8TJ8bxLWNeSuQp43LARuRJru/account%20migration.png)

Quick buy feature

One of the problems new users of Bitshares have is getting funds into their wallet. Recently I added a quick deposit/withdraw feature to the account home page, and now I've added a 'Quick buy' feature using the Blocktrades API. This lets users quickly purchase BTS/bitUSD/bitCNY among others using their choice of external coins, such as Bitcoin or Ether. The external coins available to be used depend on the Bitshares asset you're wanting to buy; while BTS can be bought with BTC/ETH/DASH and STEEM, bitUSD can only be bought using BTC, for example.

(https://steemitimages.com/0x0/https://steemitimages.com/DQmc4DdGHRwEX1yv7KKHgVNN92P8gxinSBcC4rSLL9wSgVT/quick%20buy%20USD.png)

https://bitshares.org/wallet is already up to date, and you may find light clients here: https://github.com/bitshares/bitshares-core/releases/tag/2.0.170327

Full list of changes below:

New features

Add password based login using account+role+password as private key seed
Add a Migration option to add password based keys to an existing account
Add password strength checker to password input
Update account creation using password login method
Use AccountImage in header instead of User icon
Add language selection dropdown with flag symbols to Header
Add a 'Quick buy' modal for blocktrades bridge deposit requests
Add blocktrades bridge deposits to the Exchange Buy/Sell box
Make OPEN.X trade links default to X_USD pair
Add CSP policies for improved security
Allow users to disable auto-lock by setting timeout to 0
Include OPEN.DASH as one of the default assets available for deposits
Restore the small depth chart
Move the 'borrow X' buttons to the Buy/Sell boxes

Bug fixes

Add a wallet creation link to WalletUnlockModal
Fix some missing translation
Ensure all href links have window.opener clobbered
Remove TCNY deposits
Add vesting_balance_withdraw to ProposedOperation.jsx
Fix the calling of calcMarketStats in onSubscribeMarket
Improve how low volume markets are determined, add OPEN.DASH
Fix some pricechart resizing issues, put all controls on the same line
Tweak the dropdown css
Improve the price calculation of getMarketStats
Add missing translation of deposit withdraw title
Refactor Create account layout, add some text
Fix some minor header and Chat issues
Add missing translation key for supposed scammer accounts
Fix some possible issues in BlocktradesMethods and WithdrawModalBlocktrades
Wrap localStorage 'get' in try/catch to catch parsing errors, fixes Deposit/Withdraw issues for some accounts
Adjust the xAxis range for depth charts with no bids but asks
Fix blocktrades dropdown colors
Make the openledger fiat registration open in a separate browser
Fix some minor issues in Header and WithdrawModal
Fix transfer asset selection dropdown not showing more than 9 assets
Adjust the positioning of the cog header dropdown
Remove the borders in the electron header navigation buttons
Use default cursor to indicate account is not clickable with 1 account
Fix error when clicking on Header account with only 1 account present

THIS WAS ORIGINALLY POSTED BY SVK HERE: https://steemit.com/bitshares/@svk/bitshares-gui-release-2-0-170327
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: Permie on March 27, 2017, 05:00:05 pm
Excellent! Lots of great features. I am very appreciative of your and svk's work. Thanks

One thing though
> As long as you choose a sufficiently long and complex password (use a password manager!), your keys are safe.
...and so long as you also have a 100% clean OS; in an isolated environment, trust the OS image, trust your internet connection isn't routed via an attacker, and don't fuck up by accidentally logging in via a potentially compromised computer.
WOOPS! Time to start over again and secure a new account...

Keyloggers now have the potential to ruin your financial life. New customers are going to be scared away until this is resolved with hardware wallet (trezor) support

Only then you're safe

I would welcome being proven wrong :)
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: Thom on March 27, 2017, 06:37:55 pm
WOW! @svk you really hit it out of the park with these changes.  A W E S O M E !
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: yvv on March 27, 2017, 07:52:02 pm
Quote
Move the 'borrow X' buttons to the Buy/Sell boxes

Shit! I thought it is gone!!!

To be serious, the GUI improved a lot during the last couple of months. Good job.
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: tbone on March 27, 2017, 09:54:12 pm
> Excellent! Lots of great features. I am very appreciative of your and svk's work. Thanks
>
> One thing though
> > As long as you choose a sufficiently long and complex password (use a password manager!), your keys are safe.
> ...and so long as you also have a 100% clean OS; in an isolated environment, trust the OS image, trust your internet connection isn't routed via an attacker, and don't fuck up by accidentally logging in via a potentially compromised computer.
> WOOPS! Time to start over again and secure a new account...
>
> Keyloggers now have the potential to ruin your financial life. New customers are going to be scared away until this is resolved with hardware wallet (trezor) support
>
> Only then you're safe
>
> I would welcome being proven wrong :)

You should use Zemana AntiLogger.  Don't type anything sensitive on a computer that doesn't have AntiLogger installed.  And use a password manager so you can have a different extremely long password for every log in. 
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: Permie on March 28, 2017, 06:42:20 am
> > Excellent! Lots of great features. I am very appreciative of your and svk's work. Thanks
> >
> > One thing though
> > > As long as you choose a sufficiently long and complex password (use a password manager!), your keys are safe.
> > ...and so long as you also have a 100% clean OS; in an isolated environment, trust the OS image, trust your internet connection isn't routed via an attacker, and don't fuck up by accidentally logging in via a potentially compromised computer.
> > WOOPS! Time to start over again and secure a new account...
> >
> > Keyloggers now have the potential to ruin your financial life. New customers are going to be scared away until this is resolved with hardware wallet (trezor) support
> >
> > Only then you're safe
> >
> > I would welcome being proven wrong :)
>
> You should use Zemana AntiLogger.  Don't type anything sensitive on a computer that doesn't have AntiLogger installed.  And use a password manager so you can have a different extremely long password for every log in.
So: use antilogger to type in extremely long password, then change the bts password whilst logged in? So there's a new password every time?

Zemana antilogger reviews don't look too good. Allegedly it encrypts the text you type, then decrypts it so that the website can receive it.
Apparently decent/advanced keyloggers can defeat it. What do you think?
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: fav on March 28, 2017, 07:21:07 am
just keep your anti vir and malwarebytes updated. no need for some useless bloatware
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: karnal on March 28, 2017, 10:13:38 am
Lots of nice changes with this one, good job  +5%
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: Permie on March 28, 2017, 05:25:12 pm
> just keep your anti vir and malwarebytes updated. no need for some useless bloatware

What's the dollar limit for your level of trust in antivirus software?
One mistake and it's gone forever, right?

Sorry to bang on about it, but I'm certain well capitalized investors are scared away from trading on the DEX for security reasons.

Would a multi-sig login from 2 separate computers defeat all dragnet-type threats?
I'm not talking about defeating a dedicated attacker targeting a specific individual
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: tbone on March 28, 2017, 11:45:48 pm
> > > Excellent! Lots of great features. I am very appreciative of your and svk's work. Thanks
> > >
> > > One thing though
> > > > As long as you choose a sufficiently long and complex password (use a password manager!), your keys are safe.
> > > ...and so long as you also have a 100% clean OS; in an isolated environment, trust the OS image, trust your internet connection isn't routed via an attacker, and don't fuck up by accidentally logging in via a potentially compromised computer.
> > > WOOPS! Time to start over again and secure a new account...
> > >
> > > Keyloggers now have the potential to ruin your financial life. New customers are going to be scared away until this is resolved with hardware wallet (trezor) support
> > >
> > > Only then you're safe
> > >
> > > I would welcome being proven wrong :)
> >
> > You should use Zemana AntiLogger.  Don't type anything sensitive on a computer that doesn't have AntiLogger installed.  And use a password manager so you can have a different extremely long password for every log in.
>
> So: use antilogger to type in extremely long password, then change the bts password whilst logged in? So there's a new password every time?
>
> Zemana antilogger reviews don't look too good. Allegedly it encrypts the text you type, then decrypts it so that the website can receive it.
> Apparently decent/advanced keyloggers can defeat it. What do you think?

I haven't seen any bad reviews of Zemana as an anti-keylogger, and it's been around for years.  But they also do anti-malware now, and I'm not too sure how good that functionality is.  Maybe that's where the review comes from.  Either way, I doubt Zemana or any anti-keylogger is 100%, and certainly wouldn't rely on it alone, but it's an extra layer of protection in conjunction with anti-virus and anti-malware software, and it's pretty lightweight.  As for using Antilogger, it just runs in the background, and it should start up automatically when your computer starts.

But I was saying previously it's a password manager that enables you to realistically use very long passwords (40+ upper case, lower case, numbers, and special characters), otherwise you couldn't possibly remember them.  The password manager also enables you to use a different very strong password for everything you log into, which is another good precaution that is really only feasible with a password manager.  Just make sure to use a long master passphrase to secure the password manager itself. 

Speaking of which, I have a fingerprint scanner, so that's a good option for logging into your password manager without having to type your passphrase once let alone multiple times throughout the day (i.e. when it times out, which you can also adjust).  The fingerprint scanner is obviously really convenient, and it's also safer since the previously discussed keylogger protection is unlikely 100%.  But if you don't have a fingerprint scanner and want to be extra safe logging into your password manager, you can use the password manager's virtual keyboard login screen.  Hope this helps.
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: gn1 on May 08, 2017, 12:45:18 am
Hi guys,
I see that openledger now has the option to login as wallet model and account model.
Can you tell me if it is possible to "convert" an account that was initially created as wallet model to an account model?
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: Thom on May 08, 2017, 04:01:55 pm
> Hi guys,
> I see that openledger now has the option to login as wallet model and account model.
> Can you tell me if it is possible to "convert" an account that was initially created as wallet model to an account model?

Yes, I am quite certain you can begin to use the login anywhere model if you like. Make sure you use a long password without dictionary words or you will be dramatically increasing your chances to be brute force hacked. YOU are responsible for your wallet's security! Act accordingly.
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: arhag on June 16, 2017, 10:52:03 pm
Will the BitShares community please learn the lessons that Steemit had to learn the hard way?

Regular users cannot be trusted to generate high-entropy passwords suitable for the Account Model.

I submitted an issue (https://github.com/bitshares/bitshares-ui/issues/177) on GitHub regarding this.
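
As an added example (not code from the BitShares wallet or from any poster in this thread), the Python below hashes the account_name + role + password seed described in the opening post and estimates how many bits of entropy a password carries, which is the concern behind the brute-force and high-entropy remarks above. The single SHA-256 step, the role names, the sample account name and the guessing rate are assumptions.

```python
import hashlib
import math
import secrets
import string

ROLES = ("owner", "active", "memo")  # assumed role names; the page only says "role"
ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def derive_key_hex(account_name: str, role: str, password: str) -> str:
    """Hash the page's seed formula: account_name + role + password.

    Assumption: a single unsalted SHA-256 of the seed yields the 32-byte
    private key. The page states only the seed formula.
    """
    seed = account_name + role + password
    return hashlib.sha256(seed.encode("utf-8")).hexdigest()


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 40) -> str:
    """Machine-generated password, as a password manager would produce."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate of the given entropy."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    account = "example-account"  # constructed sample value
    password = generate_password()
    for role in ROLES:  # same password, a different key per role
        print(role, derive_key_hex(account, role, password)[:16] + "...")
    rate = 1e9  # assumed guessing rate; nothing in the scheme limits it
    # Constructed comparison: one word from a 100,000-word list plus a
    # four-digit year, versus 40 random characters from ALPHABET.
    weak_bits = math.log2(100_000 * 10_000)
    strong_bits = random_password_bits(40, len(ALPHABET))
    for label, bits in (("word+year", weak_bits), ("40 random", strong_bits)):
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
```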
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: fluxer555 on June 17, 2017, 12:13:31 pm
> Will the BitShares community please learn the lessons that Steemit had to learn the hard way?
>
> Regular users cannot be trusted to generate high-entropy passwords suitable for the Account Model.
>
> I submitted an issue (https://github.com/bitshares/bitshares-ui/issues/177) on GitHub regarding this.
+5%
Not only this, but half of the customer support requests involve confusing the account model with the wallet model. We should stick to having only one option and having the other option in an "Advanced" tab or something similar.
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: fav on June 17, 2017, 12:33:45 pm
> > Will the BitShares community please learn the lessons that Steemit had to learn the hard way?
> >
> > Regular users cannot be trusted to generate high-entropy passwords suitable for the Account Model.
> >
> > I submitted an issue (https://github.com/bitshares/bitshares-ui/issues/177) on GitHub regarding this.
>
> +5%
> Not only this, but half of the customer support requests involve confusing the account model with the wallet model. We should stick to having only one option and having the other option in an "Advanced" tab or something similar.

that's up for businesses to decide. core wallet should showcase every possible option
Title: Re: New "Steemit style" login for Bitshares.org/wallet
Post by: fluxer555 on June 17, 2017, 01:45:58 pm
I'm not sure I understand what you mean. Bitshares is a business. We should decide. And we have - showcasing both options is the decision made thus far. I'm sharing my opinion based on all the problems that it is causing our users.