security in evolution

eerygarden

I've been thinking about the security in Evolution with regard to the username and password, and I have a question that I at present do not feel secure about. If Evolution is to be accessible from any device via a simple username and password, does this mean that anybody who gains access to your username and password will have access to ALL of your funds?

We have been trained to keep our seed keys offline and we do not type our seed keys into online machines (at least I don't). Will typing a username and password be the equivalent of typing in your seed key? This strikes me as an insecure way to access all of a user's funds.

Am I missing something and could somebody please help me out with that?
 

Vedran Yoweri

I've been thinking about the security in Evolution with regard to the username and password, and I have a question that I at present do not feel secure about. If Evolution is to be accessible from any device via a simple username and password, does this mean that anybody who gains access to your username and password will have access to ALL of your funds?
True.
Don't put all your coins in one account you use daily. Keep the mother lode in a Trezor and/or dash-qt wallet. Just like today you have something in your physical wallet and the rest secure at the bank.
 

eerygarden

True.
Don't put all your coins in one account you use daily. Keep the mother lode in a Trezor and/or dash-qt wallet. Just like today you have something in your physical wallet and the rest secure at the bank.
Ok. I'm familiar with the use of a thin wallet. So Evolution is to be used in practice like Mycelium? It's just that in the demo there is a "savings account", which suggests otherwise.
 

Vedran Yoweri

Yeah, just like a phone wallet right now.
And, it's being developed in the next 2 years so all security options and possibilities are not known yet.
 

daf

How will Evolution handle brute-force attacks, for instance? Is there a way to mitigate them, in a decentralized login system?
 

Vedran Yoweri

How will Evolution handle brute-force attacks, for instance? Is there a way to mitigate them, in a decentralized login system?
I think good passwords and good opsec. Incorrect logons could come with time-outs, just like a Trezor, I guess.
 
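The time-out idea from the reply above, as an added example that is not part of the thread or of any Dash code: a per-account throttle whose lockout doubles after each consecutive failed login. The class and function names, the 1-second base delay and the 1-hour cap are assumptions, and the sketch presumes a single verifier that holds the failure counter, which a decentralized login would have to provide some other way.

```python
import time


class LoginThrottle:
    """Per-account lockout that doubles after each consecutive failure (hypothetical helper)."""

    def __init__(self, base_delay=1.0, max_delay=3600.0, clock=time.monotonic):
        self.base_delay = base_delay   # assumed: 1 s after the first failure
        self.max_delay = max_delay     # assumed: lockout never exceeds 1 h
        self.clock = clock             # injectable so the logic can be tested offline
        self._state = {}               # username -> (consecutive_failures, locked_until)

    def retry_after(self, username):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed."""
        _, locked_until = self._state.get(username, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def attempt(self, username, password_ok):
        """Record one attempt and return 'ok', 'denied' or 'locked'."""
        if self.retry_after(username) > 0:
            return "locked"            # during a lockout the guess is not evaluated at all
        if password_ok:
            self._state.pop(username, None)   # success resets the failure counter
            return "ok"
        failures = self._state.get(username, (0, 0.0))[0] + 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self._state[username] = (failures, self.clock() + delay)
        return "denied"


def guesses_allowed(window_seconds, base_delay=1.0, max_delay=3600.0):
    """Wrong guesses one account accepts inside a time window, using a simulated clock."""
    now = [0.0]
    throttle = LoginThrottle(base_delay, max_delay, clock=lambda: now[0])
    count = 0
    while now[0] <= window_seconds:
        throttle.attempt("alice", False)      # "alice" is a constructed account name
        count += 1
        now[0] += throttle.retry_after("alice")  # attacker retries the instant it unlocks
    return count


if __name__ == "__main__":
    print("wrong guesses accepted in 24 h:", guesses_allowed(86400))
```

A throttle like this only limits guessing; it has no effect when the person logging in already holds the correct password.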

dashly

I think good passwords and good opsec. Incorrect logons could come with time-outs, just like a Trezor, I guess.
Not good enough. Hackers are usually not "guessing"... they know. People use the same passwords over and over on different sites and sites get hacked all the time. There will have to be some form of two-factor authentication. You can check to see if your email or username has ever been hacked by searching here... https://haveibeenpwned.com/
 

Vedran Yoweri

Not good enough. Hackers are usually not "guessing"... they know. People use the same passwords over and over on different sites and sites get hacked all the time. There will have to be some form of two-factor authentication. You can check to see if your email or username has ever been hacked by searching here... https://haveibeenpwned.com/
That's not news, dude. I'm sure there will be options for that.
 

lynx

Vaults will probably have a different security scheme, like a different HD seed / passphrase / keyfile and timelocks.
 

Bridgewater

Fingerprint is very low security. It is more for convenience, and is a bit better than the traditional "slide to unlock." That's why when you set up fingerprint security on the phone, it also forces you to use a real password too, sometimes. But for small amounts/daily use, it would be fine. Just like you're not going to keep many thousands of USD in your physical wallet in your jeans pocket.