Security feature request: Lock wallet on open


#1

Can you also prompt for the password before opening Daedalus? By default, the wallet just opens and displays total funds and transactions. Would be great if you can also support a U2F FIDO key for 2-factor auth… maybe password + U2F for opening the wallet and U2F / OTP for generating a new address?


#2

2 factor auth would be awesome! I hope the team picks this up.


#3

@Ghost Yeah. Most hacks are from keyloggers. I’ve also noticed that the password policy of Daedalus may already be outdated. Here’s a good article about the NIST special publication on digital identity: https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/

The referenced research (http://www.cs.umd.edu/~jkatz/security/downloads/passwords_revealed-weir.pdf) says

…a policy mandating that a user include at least three digits in a password will often result in the user simply appending “123” on the end of an insecure password. A sufficiently sophisticated password cracker will be aware of these strategies and incorporate mechanisms for breaking them into their tools.


#4

I hope it is possible. Google auth or SMS auth.


#5

Google Auth (soft tokens)/U2F FIDO (hard tokens) integration is possible but someone has to host the server (translates to centralized) so this might be in conflict with a decentralized design. The missing piece here is a trusted third party that keeps the hard/soft token’s public key and can authenticate against generated OTPs. This third party could be the blockchain network itself but I’m not really sure about this implementation. I know Cardano researchers and developers are way smarter than I am and could possibly already have an answer.

I’m not confident with an SMS 2FA because I’ve read it is insecure.


#6

I agree good point for sure.


#7

2FA is a good idea, but implementation needs to be cautious. If I break my phone and lose access to Google Authenticator I have effectively lost access to my wallet.


#8

@Latent_Axiom I agree. Some applications solve this by allowing a user to register multiple 2FA tokens with printable backup codes.


#9

The Daedalus roadmap might be out for the next roadmap release. They have a huge backlog of features. I also want a travel-mode-type feature that 1password uses: https://blog.agilebits.com/2017/05/18/introducing-travel-mode-protect-your-data-when-crossing-borders/
It would have to be a bit different obviously, but we are thinking about these things.


#10

@io_jeremy This is so cool! Sounds like a spy movie. Thanks for sharing!


#11

I am also very surprised no password is required to start the Daedalus app or to open your wallet. (My only 2 other wallet experiences are the Myetherwallet Chrome extension and Eidoo on Android, which both ask for a password to “open” the wallet.)

For testing fun, I’ve uninstalled the Daedalus app and re-installed it (Windows 10), and I was very surprised the app directly listed my wallet. I’ve uninstalled the app again and searched for possible left-over config files, but could not find any.

I am new to the crypto world and ADA, so I might be missing some information, but I would have assumed that after un-installing the Daedalus app and installing it again, you would have to add your wallet information again?


#12

@Antoine_Levaque It appears that the wallet stores its data in C:\Users\<username>\AppData\Roaming\Daedalus. Check that folder after uninstalling.


#13

I agree with these good suggestions, however, they should be optional by user preference. Some people may opt for a more complex password vice 2 factor because they do not want to trust a 3rd or 4th party, or have to rely on a 3rd or 4th party. Some people may want to access their data while not connected to the internet.


#14

Come to think of it, there is no need for a 3rd party to host the FIDO U2F’s public key. It can be stored within the Daedalus client just like how the password verification is done right now.


#15

You have my vote for U2F FIDO Auth! Would be very nice to have


#16

2FA is pretty much essential these days for authentication to remote services, but it is entirely pointless to authenticate to your own local wallet, because a local attacker can skip authentication. If an attacker has access to your filesystem, they don’t need to go through some app like Daedalus, they can go ahead and copy your private key, which is your wallet. It’s just a method to verify that you indeed have a certain secret password, without disclosing that password. In contrast, you can apply strong encryption to your private key, this way if the attacker gains access to your filesystem and the private key file, they can’t do anything with the encrypted file without knowing the password. This is supported in Daedalus, and is the next best thing until we have hardware and paper wallets.

This is how 2FA works:

  • A secret key (a password) is generated and stored on the remote server.
  • This secret key is shared e.g. via a QR code, and you scan it with your phone.
  • When you log into somewhere, you type some numbers from your phone into your browser, and send it to the server. These numbers are a hash of the secret key and the current time combined, generated using e.g. the TOTP algorithm.
  • The server does the same, it generates those numbers based on the secret key that it has stored for your account.
  • The server verifies that the one-time password you input and the one it generated match, thus proving that you are in possession of the secret key.
  • The server lets you proceed.

If the server is your local computer and the adversary gains access, they can modify the software to skip to the last step, and they can then go ahead and steal your ADA. Also, if an attacker has access to your computer, they can copy the 2FA secret key (which needs to be present for 2FA to work), and they can then generate the same codes as your phone does.
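The TOTP round trip described in the post above, as an added example that is neither the poster's code nor anything from Daedalus: both sides derive the same six-digit code from one shared secret and the current time step (RFC 6238, HMAC-SHA1), and whoever holds a copy of that secret, including an attacker who copied it from the local disk, computes exactly the same codes. The base32 secret is a constructed demo value, not a real provisioning key.

```python
import base64
import hashlib
import hmac
import struct

# Constructed shared secret, base32 as it would be carried in the provisioning QR code.
# The "server" and the "phone" both hold this value; that is what TOTP proves possession of.
SECRET_B32 = "JBSWY3DPEHPK3PXP"
STEP = 30  # seconds per time step

def totp(secret_b32: str, unix_time: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP(secret, floor(time / step)) using HMAC-SHA1, dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)          # 8-byte big-endian step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # low nibble selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def server_verify(secret_b32: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server side: recompute for the current step and +/- `window` steps of clock skew,
    comparing in constant time. The server needs the secret to do this."""
    for skew in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + skew * STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

def exchange(unix_time: int, attacker_has_secret: bool = False):
    """Simulate the round trip: the phone generates, the server verifies.
    If the attacker copied the secret, their code is identical to the phone's."""
    phone_code = totp(SECRET_B32, unix_time)
    accepted = server_verify(SECRET_B32, phone_code, unix_time)
    attacker_code = totp(SECRET_B32, unix_time) if attacker_has_secret else None
    return phone_code, accepted, attacker_code

if __name__ == "__main__":
    t = 1_500_000_000
    code, ok, stolen = exchange(t, attacker_has_secret=True)
    print(f"phone={code} accepted={ok} attacker={stolen}")
```

The verification step is the only place the code is checked, and it can only run where the secret lives; on a purely local wallet that is the same machine the attacker already controls, which is the post's point.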