We’re doing a bit of research on alternative onboarding strategies. Local password vs. seed phrase (Secret Key) tends to confuse many new users. We’ve been looking at crypto wallets that do a good job of sharing seeds and putting up fast, but effective, verification methods—which, in theory, would let us ditch email/password in the browser.
If our goal is to remove any “password” besides the seed, we might consider:
- Remove any and all password functionality in the browser
- Or, use the seed itself as a local encryptor. So we'd still have a local password in a sense, but the user only needs to worry about a single piece of information for ID security.
I’m curious about the potential downsides of either option. Could be UX, security, or other…
Just did a quick inventory of the obvious places the password is used now:
- View/access stored seed
- Creating new IDs
- BTC transactions (and potentially future STX transactions)
- .ID name transactions
- Upgrade the browser
- Reset the browser