neuron icon indicating copy to clipboard operation
neuron copied to clipboard
verified publisher icon nervosnetwork

[Enhance User Experience] Automatically fill all blank when paste the complete recovery phrase.

Open chaoticlonghair opened this issue 1 year ago • 6 comments

Description

Recently, I have tried many wallets.

I found that most of them have a good feature: when a user pastes a complete secret recovery phrase into the wallet, all corresponding blank will be filled automatically.

But in Neuron, I have to paste each word into the corresponding blank one by one.

Comparison

Click HERE to the the comparison.

  • MetaMask

    MetaMask

  • Neuron

    Neuron

Another Issue

Neuron doesn't hide the secret recovery phrase after input.

chaoticlonghair avatar Apr 10 '24 17:04 chaoticlonghair

For better safety, we remove the copy-and-paste phrase seeds. If you copy your phrase seeds once, other unsafety apps may read your clipboard. So it's better to enter phrase seed words one by one.

yanguoyu avatar Apr 11 '24 01:04 yanguoyu

For better safety ...

Although you blame the problem on security, but Neuron doesn't hide words after them been input.

If you copy your phrase seeds once, other unsafety apps may read your clipboard. So it's better to enter phrase seed words one by one.

  • If Neuron wants to avoid password leak via the clipboard, Neuron should disable copy rather than disable paste.

  • Neuron doesn't allow copy-and-past, but how does Neuron avoid users to try that?

    So, it's very likely that the password is already in clipboard.

    So, disable copy-and-pas is just meaningless.

chaoticlonghair avatar Apr 11 '24 01:04 chaoticlonghair

If Neuron really wants to disable password leak via clipboard, don't use input fields.

A better solution is:

  • Display a picture with 26 English alphabets.
  • Let user click English alphabets to input words.
  • Base on the BIP-0039: no word could be the prefix of another word, whitespace is not required. Neuron can match the user inputs to find the word, there should be only one matched. But, provide a button to input whitespace is also reasonable.
  • The picture should be generated each time, and the 26 English alphabets should be in the different coordinates of the picture every time: for security.

:point_right: If users don't see any input field, they won't try to copy-and-paste.

p.s. Since Neuron so cares about security :thumbsup:, I guess I could expect this feature finished in the next 2 or 3 releases :wink:; so excited, I can't wait for that.

chaoticlonghair avatar Apr 11 '24 01:04 chaoticlonghair

If Neuron wants to avoid password leak via the clipboard, Neuron should disable copy rather than disable paste.

Agreed, please have a consideration @Danie0918

The suggestion at https://github.com/nervosnetwork/neuron/issues/3115#issuecomment-2048796731 is a bit further.

I would suggest optimization as follows

  1. Disable the copy function of the mnemonics;
  2. Fill words into each field when the wallet is imported by pasting mnemonics;
  3. Display options along with characters being inputted, e.g. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/datalist
  4. Leave some fields empty(not all fields empty) when a user inputs the mnemonics a second time for confirmation. By doing so, users have to write down all words but only need to type some of them.

Keith-CY avatar Apr 11 '24 03:04 Keith-CY

Mark this issue stale because no activity for 60 days

github-actions[bot] avatar Jun 10 '24 05:06 github-actions[bot]

WIP https://github.com/Magickbase/neuron-public-issues/issues/381

Danie0918 avatar Jun 11 '24 01:06 Danie0918

Mark this issue stale because no activity for 60 days

github-actions[bot] avatar Aug 11 '24 05:08 github-actions[bot]

Close this issue because it's inactive since marked stale

github-actions[bot] avatar Aug 18 '24 05:08 github-actions[bot]