Thank you very much for your response! Here are my thoughts:
Correct, sophisticated users can configure their private keys and wallets in many ways at the moment, but a regular user typically follows the standard flow, which is not that safe. The main idea behind our proposal is to make account, key and wallet management easy and user friendly.
Agreed. This can be handled by the UI when signing up, e.g. give the user a checkbox "Enhance account security" which is on by default and would require an active password and an owner password (for both cloud and local wallet login). I bet the BitShares UI team would be happy to welcome you.
Agree, your proposal is very close to our vision. At first glance your approach seems to be more flexible, while our proposal is more straightforward and easier for users to comprehend: it implements a user+admin approach. I believe a particular balance needs to be identified here to make this feature powerful yet easy to use. BTW, what is the status of the BSIP?
I am a firm believer in a flexible approach, while not altering existing behavior. Ease of use can simply be achieved by providing additional, easy-to-find buttons, "Create trading key" and "Restrict markets", that do the right backend calls. I would not restrict the capabilities of the backend because it allows so many more use cases. The BSIP is in the draft stage; I would be happy to collaborate.
The idea is to have the node generate the device ID and store it along with the transaction, so the client has nothing to do with that.
Ok, so that would basically be some kind of hashing of user-given values (e.g. MAC address or IP, some kind of hardware hash, etc.). Sending that information to the node (server) brings aspects of user identification and anonymity into play. Question in my head: is there a way to tighten security without compromising identity?
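The two messages above sketch a "device ID" as a hash over user-supplied values (MAC, IP) computed and stored by the node, and then ask whether that can be done without turning the tag into an identifier. The following is an added illustration, not code from OpenLedger, BitShares or the BSIP. It shows why an unkeyed hash of low-entropy identifiers offers no anonymity (the IP space is small enough to enumerate, and a MAC is often knowable), and contrasts it with a tag derived from a random, device-local secret that commits to the device without encoding MAC or IP at all. All identifiers and transaction bytes are constructed sample data; `Device`, `naive_device_tag`, `recover_ip` and `SAMPLE_*` are names chosen here for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Optional

# Constructed sample identifiers for the illustration (not real devices).
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"
SAMPLE_IP = "10.0.7.42"
SAMPLE_NET = "10.0.0.0/20"  # 4094 candidate hosts: enumerated in a fraction of a second


def naive_device_tag(ip: str, mac: str) -> str:
    """The scheme as sketched in the thread: an unkeyed hash of user-given values.

    The output looks opaque, but every input it depends on is low-entropy."""
    return hashlib.sha256(f"{ip}|{mac}".encode()).hexdigest()


def recover_ip(tag: str, mac: str, network: str) -> Optional[str]:
    """Reverse a naive tag by enumeration.

    Anyone holding the stored tag (the node, or whoever reads its database)
    plus a plausible subnet and the MAC can recover the IP, so the tag is a
    user identifier, not an anonymous device marker."""
    for host in ipaddress.ip_network(network).hosts():
        if naive_device_tag(str(host), mac) == tag:
            return str(host)
    return None


class Device:
    """Tag built from a random device-local secret instead of identifiers.

    The secret is generated on the device and enrolled with the node once;
    it is never derived from MAC, IP or hardware serials, so neither the
    stored tag nor the enrollment record can be turned back into them."""

    def __init__(self, secret: Optional[bytes] = None) -> None:
        self.secret = secret if secret is not None else secrets.token_bytes(32)

    def tag(self, tx_digest: bytes) -> str:
        # Keyed over the transaction digest: a different tag per transaction,
        # so an outside observer cannot even link two transactions by tag.
        return hmac.new(self.secret, tx_digest, hashlib.sha256).hexdigest()

    @staticmethod
    def verify(secret: bytes, tx_digest: bytes, tag: str) -> bool:
        # Node-side check against the enrolled secret; constant-time compare.
        expected = hmac.new(secret, tx_digest, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run both constructions on the constructed sample data."""
    naive = naive_device_tag(SAMPLE_IP, SAMPLE_MAC)
    leaked_ip = recover_ip(naive, SAMPLE_MAC, SAMPLE_NET)

    dev = Device()
    tx_digest = hashlib.sha256(b"constructed transaction bytes").digest()
    keyed = dev.tag(tx_digest)

    return {
        "naive_tag_reversed_to": leaked_ip,
        "keyed_tag_verifies": Device.verify(dev.secret, tx_digest, keyed),
        "keyed_tag_with_wrong_secret": Device.verify(secrets.token_bytes(32), tx_digest, keyed),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The keyed variant does not make the node blind to the device: the node still learns which enrolled secret produced the tag, so the trade-off is between "the node can recognise a returning device" and "the node can learn who the device is". Only the second is avoided here, which is the distinction the question above is really asking about.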
Yes, similar to Scatter. Not sure for now whether web apps like OL or the BitShares UI should be required to use the app to sign transactions; it may be an optional feature for good guys. We discussed several options and decided that you can't make all faucets/gates use the app; anyhow, there will be new phishing apps coming and we should be protected against them. So the main idea is to deliver an open-source trusted app to users to allow them to change their private keys, auto-sign correct "device tagged" transactions and manage Active permissions, so that a hacker has little chance to steal your funds even if he has your Active key.
Totally agreed, it should be optional, but it would be awesome as an integration. Signing locally outside of the BitShares UI makes ANY phishing attempt immediately worthless, as there is no access to the private key at any point. It would require some rework of the UI to allow defining your active account without providing the private keys. The approach to be preferred IMO is to not even let the phishing party get the key in the first place. Anyways, key management in an external open-source app would be really great!
Correct, but it is not very easy for a regular user to add/remove keys; also, if you lose the key, you may be in big trouble. Enabling/disabling the key is much more user friendly and safe.
This is merely a question of a button that does the right operations on the backend. An active key that got compromised, or might be compromised, should never be enabled again, ever. I'm unsure what other use case it has. If the key was lost, it's also lost after re-activation.
We would like to open a discussion, and we particularly welcome suggestions and ideas about new security features and the best way to design a specific feature.
I appreciate that you are collecting feedback, as mentioned in your initial post. I just noticed that the worker proposal has already been created, leaving no margin for alteration in terms of its approach. I personally would have loved explicit collaboration with the UI and core workers to include OpenLedger in the community development. Disclaimer: I don't carry any significant voting or proxy weight. I am part of the BitShares UI team and manage the infrastructure worker that is done by Blockchain Projects BV.