Secure login disabled: improve security of "Show account private key" modal. #3397
Comments
onvisions
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Related to: #3362 (comment)
Currently if the secure login has been disabled the user is able to see the private key as soon as Show private key modal is opened.
Current state (see recording):
showKey.mp4
Problem: Security risk. When the user is clicking on the "Key" button on Account details screen they might not be aware the account private key will be displayed directly and without warning on the very next step of the flow. So the user might not be in a safe environment (the screen might be exposed to surveillance camera etc.)
Suggested solution: the private key should be displayed blurred until the user clicks on the "Show private key" button. Some browsers don't support properly blurring so we may show the key with dots and then apply the blurring. The aim is to have the key hidden until user clicks on the "Show private key" button.
DESIGN:
Browsers supporting blur:
Browsers not supporting blur:
FIGMA REFERENCE:
https://www.figma.com/design/3oGLWzSH0oJljo4RETZtur/Superhero-Wallet-UI-(%E2%9C%94%EF%B8%8FUpdated)?node-id=37597-265273&node-type=frame&t=hvQBU9kxFrQhm7zE-0
The text was updated successfully, but these errors were encountered: