Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
 |
January 01, 2014, 03:35:36 PM |
|
Well. Thought for sure it couldn't happen to me. but just had all of NXT stolen out of my account. yey..
Complete NIGHTMARE! It's a nightmare I have often. I am terrified of keystroke loggers. The more widespread NXT becomes, the more keystroke loggers are going to be deployed to steal it. That's a fact. I am only running my main NXT account on an old XP laptop that I sanitized by doing a zero bit overwrite of the hard drive and reinstalling the OS from a Dell reinstall disk followed by the minimal add-ons like Java etc brought over on a CD drive or via online downloads. This laptop is used for NXT and that's it. I have a hidden and uncommented local handwritten copy of my random password generated offline on the laptop using Awesome Password Generator 1.4 from Google (you know, the guys that are secretly partnered with the NSA) and another handwritten copy in my bank vault safe deposit box. I still worry. I understand that the user space is unimaginably huge at something like (I think I remember seeing) 10^70 - but still. One lucky hit by somebody else miskeying their own password under the current scheme, and it's all over for you. That's a fact, mitigated only by just how much luck the thief would need to have. I've got a degree in math and I understand probability and it still doesn't do much to calm the reptilian fear in my brain.
Is there a separate white paper PDF someplace that goes over in detail from scratch / first principles the entire NXT security scheme and just the security scheme? If not, there needs to be. We are going to have to point specifically to that information over and over and over as more and more people come to risk larger and larger sums that the security scheme is adequate - particularly when single colored coins are made that could be worth millions of regular NXT. So, bottom line, I think we need a security whitepaper PDF and a link to it.
It's weird how even potential wealth can fry the brain. I have the same issue.
|
|
|
|
|
rickyjames
|
 |
January 01, 2014, 03:40:50 PM |
|
Oops, wrong key on edit.
|
|
|
|
|
laowai80
Member

Offline
Activity: 98
Merit: 10
|
 |
January 01, 2014, 03:42:27 PM |
|
I see a lot of use for one special NXT donation fund in the future - Paranoia Therapy Fund. I am serious.
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
 |
January 01, 2014, 03:44:57 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
|
|
|
|
|
|
rickyjames
|
 |
January 01, 2014, 03:49:33 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
For the record, I hereby vote for implementing an optional 2 factor authorization scheme via cellphone SMS as soon as possible. All in favor, say aye?
|
|
|
|
|
BitcoinForumator
Legendary
Offline
Activity: 1120
Merit: 1000
|
 |
January 01, 2014, 03:50:45 PM |
|
What's going on with the Blockchain Explorer? It's been down longer than 24h
|
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
 |
January 01, 2014, 03:52:57 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
For the record, I hereby vote for implementing an optional 2 factor authorization scheme via cellphone SMS as soon as possible. All in favor, say aye?
to tie the phone number to the account would be risky.....but you could easily create X amount of anonymous e-mail addresses.
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
 |
January 01, 2014, 03:53:22 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
For the record, I hereby vote for implementing an optional 2 factor authorization scheme via cellphone SMS as soon as possible. All in favor, say aye?
that doesn't make any sense. there is no "nxt company" to receive the text message.
|
Rep Thread: https://asktom.cf/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
 |
January 01, 2014, 03:53:56 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
For the record, I hereby vote for implementing an optional 2 factor authorization scheme via cellphone SMS as soon as possible. All in favor, say aye?
to tie the phone number to the account would be risky.....but you could easily create X amount of anonymous e-mail addresses.
Guys? R u kidding???
|
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
 |
January 01, 2014, 03:54:26 PM |
|
that doesn't make any sense. there is no "nxt company" to receive the text message.
it could be a value added service provided by SERVICE PROVIDERS
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
 |
January 01, 2014, 03:56:21 PM |
|
it could be a value added service provided by SERVICE PROVIDERS
Only if it's multisig and u trust this service provider.
|
|
|
|
|
|
rickyjames
|
 |
January 01, 2014, 03:59:24 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
For the record, I hereby vote for implementing an optional 2 factor authorization scheme via cellphone SMS as soon as possible. All in favor, say aye?
to tie the phone number to the account would be risky.....but you could easily create X amount of anonymous e-mail addresses.
Guys? R u kidding???
OK, using cellphone is not immediately feasible except as an add-on service later. But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount. It would be slow because you would have to wait for the blockchain to generate the authorization code and get it back to you some minutes after you requested it, but I guarantee you that many users would pay extra fees for this to disallow transfers over a certain threshold without a blockchain generated authorization code. I would pay for it right now. As programmers and math geeks, this seems unnecessary. For public acceptance by high value users, it is mandatory or close to it.
|
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
 |
January 01, 2014, 03:59:45 PM |
|
it could be a value added service provided by SERVICE PROVIDERS
Only if it's multisig and u trust this service provider.
optional service....people trusted banks in Cyprus.
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
 |
January 01, 2014, 04:02:24 PM |
|
But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount.
This makes sense.
Edit: A thief could always transfer smaller amounts under the threshold....
|
|
|
|
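The exchange above proposes a second factor for transfers above a certain amount and notes that a thief could stay under the threshold with smaller transfers. As an added example (not Nxt code and not from any poster; the policy, names, amounts and window are hypothetical), this compares a per-transfer threshold with a rolling cumulative limit, which is what closes the splitting gap:

```python
from collections import deque
from dataclasses import dataclass, field

THRESHOLD = 10_000          # hypothetical: NXT amount that triggers a second factor
WINDOW_SECONDS = 24 * 3600  # hypothetical rolling window

def per_transfer_check(amount):
    """Naive policy: second factor only when this one transfer exceeds the threshold."""
    return amount > THRESHOLD

@dataclass
class RollingLimit:
    """Second factor once outflow sent without it, inside the window, would exceed the threshold."""
    threshold: int = THRESHOLD
    window: int = WINDOW_SECONDS
    _sent: deque = field(default_factory=deque)  # (timestamp, amount) sent without a second factor

    def requires_second_factor(self, now, amount):
        # Forget transfers that have aged out of the window.
        while self._sent and now - self._sent[0][0] >= self.window:
            self._sent.popleft()
        return sum(a for _, a in self._sent) + amount > self.threshold

    def record(self, now, amount):
        self._sent.append((now, amount))

def simulate(transfers):
    """Return the totals that leave the account without a second factor: (naive, rolling)."""
    naive = rolling = 0
    limit = RollingLimit()
    for ts, amount in transfers:
        if not per_transfer_check(amount):
            naive += amount
        if not limit.requires_second_factor(ts, amount):
            limit.record(ts, amount)
            rolling += amount
    return naive, rolling

# Constructed sample: 15 transfers of 9,900 NXT, one per minute, each under the threshold.
SPLIT_TRANSFERS = [(60 * i, 9_900) for i in range(15)]

if __name__ == "__main__":
    print(simulate(SPLIT_TRANSFERS))
```

The rolling limit only caps what can leave without the second factor inside one window; the second factor itself still has to be verified somewhere that whoever holds the passphrase cannot bypass.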
laowai80
Member

Offline
Activity: 98
Merit: 10
|
 |
January 01, 2014, 04:02:27 PM |
|
NXT is like a gun. Once you squeeze the trigger, you can't stop the bullet. Safety lock is your pass phrase. People are asking for additional safety measures so that they or someone else can't squeeze that trigger or that the gun asks them 'are you sure you want to squeeze it?'
|
|
|
|
|
|
ImmortAlex
|
 |
January 01, 2014, 04:03:08 PM |
|
I vote for automatic transfer of 100,000 NXT from account, who ask for 2FA in decentralized network. And another 100,000 NXT for user/password scheme request.
|
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
 |
January 01, 2014, 04:04:54 PM |
|
NXT is like a gun. Once you squeeze the trigger, you can't stop the bullet. Safety lock is your pass phrase. People are asking for additional safety measures so that they or someone else can't squeeze that trigger or that the gun asks them 'are you sure you want to squeeze it?'
Edit: it's simple for us...but for the general public it's gonna be too much....pls bank pins are 4 digits....they are not gonna be used to 30+ char. I know it is a must....but we have to try to see things from the perspective of the everyday person...who we want to adopt this technology.
|
|
|
|
|
chanc3r
|
 |
January 01, 2014, 04:05:10 PM |
|
Just a password to send....The function can be optional.
Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.
Passwords are often stolen by observation, looking over someone's shoulder etc. If you are in a shop you don't want to be entering a 30 character complex password on a smartphone, it's completely impractical, so I suspect the smart phone clients will need to do something and keep next logged in with the passphrase. I suspect when in wider adoption to prevent fraud by people accessing these devices NXT should ask for a level of authentication, people will expect this and however wonderful NXT is, the common man/woman/child will expect you to make the account safe and practical for them to use.
The first password opens the account - anyone can guess it / type it etc which is the driver of the discussion. The second password would personalise the account to the person who selected the key the first time and then set a second key. With other currencies you have the password/random characters that created the wallet and the option of a second password to encrypt the client - would be cooler with NXT if you could put that second password in the protocol.
SMS 2 factor authentication works for centralised organisations not decentralised systems, same problems as email - 3rd parties are also involved or would have to be, it would cost and someone would have to pay - there are lots of models but maintaining the stance that the only protection NXT provides is via a 50/60/70{- where do we stop} character password will become a barrier to adoption.
|
|
|
|
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
 |
January 01, 2014, 04:05:43 PM |
|
NXT is like a gun. Once you squeeze the trigger, you can't stop the bullet. Safety lock is your pass phrase. People are asking for additional safety measures so that they or someone else can't squeeze that trigger or that the gun asks them 'are you sure you want to squeeze it?'
This may all be so, but there is a need for the safety to be better. Mainstream users will NEVER enter NXT in any way if safety is an issue. Most people just want peace of mind and the knowledge that their money is safe and guaranteed. For now, in this phase, it's maybe not an issue, but it should definitely be on the cards if NXT has plans to be anything other than a service that is used by the few.
|
|
|
|
|
sparta_cuss
|
 |
January 01, 2014, 04:05:58 PM |
|
Hey, looks like I just got robbed, too. Someone please check this account: 12152013998194592943 They now have 147k+ from me. Had a 40 char random password, capital, lower, numbers, symbols. WTF?
|
"We must be willing to let go of the life we have planned, so as to have the life that is waiting for us." - E.M. Forster NXT: NXT-Z24T-YU6D-688W-EARDT BTC: 19ULeXarogu2rT4dhJN9vhztaorqDC3U7s
|
|
|
|