Opening the wallet without a password!

BMWr1150r · 5 March 2018 19:29

I have installed Daedalus on my Mac and successfully added ADA. When I open Daedalus, it goes straight to the summary page showing my balance. Should I not be required to enter my password?

TIA

Shunfan · 5 March 2018 19:31

It is expected. Daedalus only requires you to enter the password when you try to make a transaction or generate a new address.

raytix · 5 March 2018 19:56

They key is your pw and its fixed unless you want to make a new wallet, The pw locks your application access but if you use the key on a new desktop you will have to re-apply the pw.

BMWr1150r · 6 March 2018 16:14

Thanks so much!

maki.mukai · 6 March 2018 17:20

Shunfan is right - and in case you didn’t set up a password, you can always set up your spending password in the settings

grytchen · 11 April 2018 08:39

Hello, this is my first post. I installed Deadalus and added some ADA. But very strange no password is needed to open the Daedalus Wallet. I think most people don’t like that. I don’t. I think there should be a password protected login.

I really like the Cardano Project, but this is a big disappointment. I think a wallet needs a password protected login. I don’t want to use another application software layer to make it password protected, as I saw in another posting.
Not everybody has a computer for his/herself…
I hope it will be changed in future updates…

CosmosX · 11 April 2018 08:46

I’m not a cryptographer myself, but if the crème de la crème of the cryptographic community working on Cardano didn’t feel necessary to add a password feature, they surely have a good reason.

Think that a malicious individual who is able to own your computer is surely also able to bruteforce / keylog your password.

My point is that a password can give an illusion of protection and just because you don’t have one doesn’t mean you’re not protected, as long as you don’t click on every dangerous link around. The real protection is beforehand the password feature.

vantuz-subhuman · 11 April 2018 09:32

Hello! For now it is decided to only use a “spending password”, that disallows other people to spend money from your wallet. But I easily see why someone would want to have a way to disallow other users to see their wallets at all. Your point about “Not everybody has a computer for his/herself…” is perfectly valid.

But for now the Daedalus wallet is still in deep-development phase, so most probably it’s just that they have put this feature for later, so they could have more time to decide - what would be the best way to implement it, and for users to use it. Foe example: should it be a password on the program launch itself, or a password on multiple accounts inside the program, where each account has it’s own set of wallets and settings.

I also hope that something like this will be implemented, but for now it is unfortunately not the immediately prioritised project.

grytchen · 11 April 2018 09:36

Hi CosmosX, no I don’t agree with your arguments. They have nothing to do with it. You talk about illusion of protection…Cardano probably has a good reason to etc. Nonsens. Fine that the real protection is beforehand the password feature… Good but…

Look, not everybody has a computer for his/herself as I mentioned before. And if someone else uses that computer, another person can click on daedulus and immediately see your funds. And everyone who holds Cardano knows that the daedulus wallet has no password, and so they can just click daedalus if they see it on another computer, just because they are curious for example. Also if your computer is stolen, the people stealing can open daedalus and see ho much funds there are. Suppose it is a lot. It will give reasons for them to make free time to inspect/hack the computer further because now they know the computer they have stolen from, has a lot of funds.

Also I see a lot of other people asking the same question. It is the only wallet until now that I have seen without password protected login, and it is wrong. Not a good idea. I am really disappointed.

RobJF · 11 April 2018 09:43

It is not the only one, Jaxx and Zen Swing are just two that I happen to know, there might be others.

grytchen · 11 April 2018 09:47

Hi @vantuz-subhuman,
Ok, yes I understand the development phase, so lets give Cardano much more time to develop.
But as a user, I thought it is important to give my opinion, because a lot of people don’t like it. and if nobody speaks up, they will not change it. I think the Forum is meant to mention those bugs/improvements/ideas. I will see and wait what happens in the future. I hope they will come with password protection, as other wallets also do…

grytchen · 11 April 2018 09:48

OK fine, I don’t like it. I have good reasons/arguments for it.

RobJF · 11 April 2018 09:53

I didn’t mean to imply disagreement on the main issue, I just thought it was worth noting that there are others.

CosmosX · 11 April 2018 10:12

@grytchen. Thanks for your reply. Of course it would be better to add one, and you’re absolutely right in saying that if other people are using the same computer, it should at least be password protected. There is no denying that, and IOHK is probably working on it as pointed out by Rob and Vantuz.
I am not sure whether your raised it a general concern or if you are personally annoyed because someone you don’t trust uses the computer on which you have Daedalus installed?

In the meantime I see 3 temporary options to solve it:

Make sure that you have your list of secret words stored somewhere safe with a back-up of it, then delete/uninstall Daedalus from your computer, keeping in mind that your coins are not stored in your Daedalus but on the blockchain. This list IS your coins. That’s the safest option. You can then recover your Daedalus using this recovery seed at any time.
Encrypt Daedalus with a software such as Veracrypt. More complicated
Use a password protected Virtual Machine and Install Daedalus on it (bonus: it adds a layer of security from the host machine). Even more complicated but feasible with instructions

vantuz-subhuman · 11 April 2018 10:23

It is very good that you have chose to speak about it on this forum, and no one have implied any blame on you for it

Yes, that is exactly what forum is for, and we’re just continuing the discussion, so all the views and possibilities will be open for people who read these topics afterwards.

I have created this GutHub issue, that describes the problem and possible solution, as I see it, and also links back to this discussion, so it may be continued to be questioned here.

github.com/input-output-hk/daedalus

Add option to use password-protected accounts on the same Daedalus instance

opened 09:54AM - 11 Apr 18 UTC

vsubhuman

feature-request

For now, Daedalus has completely open and transparent interface, that is - anyon…e who opens it, may see all the data and all the wallets, and only restricted from spending money from a wallet if it does have a spending password. 1) This assumes a single computer or a computer account being used by a single person. While this assumption probably holds for the majority - there are still a lot of people who often share the same computer or even the same account. 2) If someones computer is stolen - having a "spending password" will protect them from getting their assets spent, but it will in no way protect their personal information from being openly observable: like, which wallets and addresses do they own, how many assets they possess, etc. That could actually be a **very** sensitive information for some people. Both of these points may be critical for some users, who want to use the wallet software but in the same time is not willing to expose the personal information of their wallets. It is additionally discussed in this thread: https://forum.cardano.org/t/opening-the-wallet-without-a-password/9136 It would be very nice to have these options: 1) By default, Daedalus is open in the same way as now - but there's an option in settings to set a password to it. When password set - there's still a single account on that Daedalus, but when it's launched - user is prompted to: either enter a password, or create new empty account. 2) Whenever Daedalus is launched - there's always an additional option in settings, to "create new account". When new account is created with a name (default one may be called "default" or "main" automatically with an option to rename it) - at the next start Daedalus prompts user to select one of the accounts to be used. When user have selected one of the accounts (if there're multiple of them) - there's an additional option to "log out" that would move user back to the account-selection screen. Each account may be optionally protected by a password on its settings page. Multiple accounts in the same Daedalus instance seem to work nicely together, since all of them ma share the same chain-data. So whenever the Daedalus is launched - it first downloads the missing chain-tail and then proceeds to work with any of the selected accounts. Basically (in simplified view, of course) it would only require to keep a mapping of "account authentication data" to the "Wallet DB" with the seed, address caches, etc. So basically like a multiple wallet collections on top of the same chain, identifiable by an "account name" and protected by a password. Of course, spending password should still be available for any of users and wallets.

I am also hoping that they will get to this feature sooner or later. But as it is - Cardano is in early development for now. No software for now is in no form considered to be a “final product”. Cardano is at its least a 2020 project, and for sure will be continually improved afterwards also. So for now we just have to accept the roadmap and the fact that some features may be not as prioritised as we would want

Not_Anonymous · 11 April 2018 17:18

I just got an encrypted external hard drive and installed Daedalus on there. If I want to open Daedalus, I just enter the password for the drive and then access the wallet. It’s a temporary fix, but it gives you the features you want right now.

vantuz-subhuman · 11 April 2018 17:30

Wow, @Not_Anonymous, that’s actually cool stuff! Could you please provide us with some details, like: what drive’s model you are using, how expensive it is approximately, what OS did you use to install it in there, and were there any complications in the process, or was is smooth all the way?

I am personally and the community would really appreciate the info! Thanks!

Not_Anonymous · 11 April 2018 19:09

Here is what I used. Fairly simple to copy it over, but if you don’t use it to get onto the system for a while, then it takes some time to sync. It is the only thing I have on there as I am kind of paranoid about security with crypto.

RobJF · 12 April 2018 08:55

So the DB and Wallet folders remain on the main drive?

Not_Anonymous · 13 April 2018 01:51

I believe so, but I need to double check. I only open it from there and it doesn’t appear anywhere else that I know of, but I need to scrub the files. I need to try eject the hard drive from my PC and plug it into my laptop when I get back home and I’ll let you know how it works out. I haven’t downloaded Daedalus to it yet, so it will be a little bit of a test run.