Replying to alphakamp

I appreciate the attempt to secure private key with a pin. But asking for the pin once, and not validatting it is a surefire way to have a typo and lock you out.
Avatar
Kieran 2y ago

The pin is not masked, and you need to press a button to submit, there are better options than logging in with your nsec too

Reply to this note

Please Login to reply.

Discussion

cc
alphakamp 2y ago

Correct, but what if I didn't catch that I hit a typo before I hit submit. Fucked is the result, just a suggestion, validation would be just a bit better. Ignore if you prefer

I'm sure there are better options, but I'm talking about this one.

Avatar
Kieran 2y ago

Are you talking about generating new keys or just logging in with your nsec, if you are just logging in and you forget the pin then you simply logout and login again with your nsec and set the pin again.

If you're generating a new key and you dont backup your key and you forget the pin then im not sure what to say about that

cc
alphakamp 2y ago

Wait the pin isn't saved locally or anything, it's created at every login? What does that solve?

Avatar
Kieran 2y ago

The pin encrypts the private key which is stored in the browser storage

cc
alphakamp 2y ago

But the pin is only valid during that logon session?

Avatar
Kieran 2y ago

If you logout then the encrypted key is deleted so the pin is also deleted