
security in evolution

eerygarden

Member
I've been thinking about the security in Evolution with regard to the username and password, and I have a question that I at present do not feel secure about. If Evolution is to be accessible from any device via a simple username and password, does this mean that anybody who gains access to your username and password will have access to ALL of your funds?

We have been trained to keep our seed keys offline and we do not type our seed keys into online machines (at least I don't). Will typing a username and password be the equivalent of typing in your seed key? This strikes me as an insecure way to access all of a user's funds.

Am I missing something and could somebody please help me out with that?
 
True.
Don't put all your coins in one account you use daily. Keep the mother lode in a Trezor and/or dash-qt wallet. Just like today you have something in your physical wallet and the rest secure at the bank.
 
OK. I'm familiar with the use of a thin wallet. So Evolution is to be used in practice like Mycelium? It's just that in the demo there is a "savings account", which suggests otherwise.
 
Yeah, just like a phone wallet right now.
And, it's being developed in the next 2 years so all security options and possibilities are not known yet.
 
How will Evolution handle brute-force attacks, for instance? Is there a way to mitigate them, in a decentralized login system?
 
I think good passwords and good opsec. Incorrect logons could come with time-outs, just like a Trezor, I guess.
Not good enough. Hackers are usually not "guessing"... they know. People use the same passwords over and over on different sites and sites get hacked all the time. There will have to be some form of two factor authentication. You can check to see if your email or username has ever been hacked by searching here... https://haveibeenpwned.com/
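
The time-out versus reused-password point from the exchange above, as an added example that is not part of the original thread and not Evolution's design: a hypothetical `LoginGuard` with an exponential time-out and an optional RFC 6238 TOTP second factor. Passwords, salt and secret are constructed sample values.

```python
import hashlib, hmac, struct

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1) for the time `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class LoginGuard:
    """Hypothetical account record: exponential time-out plus optional TOTP."""
    def __init__(self, password: str, totp_secret: bytes = None):
        self.salt = b"constructed-salt"  # constructed sample value
        self.pw_hash = hash_pw(password, self.salt)
        self.totp_secret = totp_secret
        self.failures, self.locked_until = 0, 0.0

    def attempt(self, password: str, now: float, code: str = "") -> str:
        if now < self.locked_until:
            return "locked"  # time-out still running, credentials not examined
        ok = hmac.compare_digest(hash_pw(password, self.salt), self.pw_hash)
        if self.totp_secret is not None:
            ok = hmac.compare_digest(code, totp(self.totp_secret, now)) and ok
        if ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + 2 ** self.failures  # 2 s, 4 s, 8 s, ...
        return "denied"

def evaluated_guesses(guard: LoginGuard, wrong_passwords, seconds: int = 60) -> int:
    """One wrong guess per second; count guesses the guard actually examined."""
    results = [guard.attempt(wrong_passwords[t % len(wrong_passwords)], float(t))
               for t in range(seconds)]
    return results.count("denied")

def reused_password_login(guard: LoginGuard, leaked_password: str, now: float) -> str:
    """A password learned from another site's breach, tried once, no TOTP code."""
    return guard.attempt(leaked_password, now)

if __name__ == "__main__":
    print(evaluated_guesses(LoginGuard("correct horse"), ["123456", "password"]))
    print(reused_password_login(LoginGuard("correct horse"), "correct horse", 0.0))
    secret = b"constructed-totp-secret"
    print(reused_password_login(LoginGuard("correct horse", secret), "correct horse", 0.0))
```

The time-out cuts 60 guesses down to 5 examined ones, but a password that is already known gets in on the first try unless the TOTP code is also required.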
 
That's not news dude. I'm sure there will be options for that.
 
Vaults will probably have a different security scheme, like a different HD seed / passphrase / keyfile and timelocks.
 
Fingerprint is very low security. It is more for convenience, and is a bit better than the traditional "slide to unlock." That's why when you set up fingerprint security on the phone, it also forces you to use a real password too, sometimes. But for small amounts/daily use, it would be fine. Just like you're not going to keep many thousands of USD in your physical wallet in your jeans pocket.
 