Give the option to make it impossible (very, very difficult) to display the passphrase once it has been safely saved.
They seem to keep an encrypted version of your seed on their servers, dont they? (implied by the ability to load your account on new devices if your know the recovery password)
1 Like
You recognized the Session IM, but I didn’t specify it by name or as part of my screenshot to not distract from the main point I was trying to highlight.
Unfortunately, I do not know how Session IM works in details. I think they’ve proven themselves to be competent in security but that’s not answering your question.
The point I was trying to make is that it does not make sense to keep the seed phrase of a wallet accessible once a backup has been made and the user has confirmed it.
It’s a good practice that opens doors to neat features.
You could have the wallet configured to make, say, only 10 ZEC available per week and only display that as the amount available without revealing anything else. No past transactions or anything that would reveal precious historical details about the user to a thief, nosy LE, or even nosy friends.
Sure, there are way to circumvent this, but how many people have the skills to do this?
The seed phrase is needed to derive the secret key to sign the transactions. You could remove the seed phrase and keep the secret key but that doesn’t change much since attackers are after the secret keys anyway.
You could say, keep the seed phrase internally but never show it ever again. However, the seed phrase is still there and could potentially be extracted by other means.
I’m not saying the wallet should forget the seed phrase or the secret key, I am saying it should hide (not display) it, once the user has confirmed (same way Session does).
I have edited my reply while you were typing.
It boils down to what level of convenience you want. Ledger will never show the seed phrase and wipe out after a few invalid pin inputs.
But I think It can be too extreme for a day to day wallet.
My wallet app has a cold storage feature via QR codes or files for several years now
I think many people want a balance between the ease of use of a phone wallet and the security of a hardware wallet. Often, they may only be able to afford a single device. Right now, we have apps that resemble Bitcoin wallets, but for a privacy coin, we may want more privacy features also within the wallet itself.
And that’s quite awesome, but most people won’t do it because it’s a bit of a complex setup.
Edited the title to reflect the fact that this is more about privacy than security.