A simple approach to increase significantly the security of NXT.

[Sebastien256]

I believe that NXT client should:

1) Implement a button to generate a random passphrase of optimal security.
2) This button should be at the beginning of the login procedure.
3) People could then use these random strings for their passphrase.
4) When generating a random passphrase, a message should also CLEARLY state to keep (copy and paste) that passphrase somewhere to avoid the lost of the NXT account.

This simple addition would decrease significantly NXT stealing.

Note that when people say out loud that their NXT was stealed, it is a very bad press. With this simple addition, some form of NXT stealing can be avoid right away. I believe that this should be implement before the NXT official launch.

If you like my advice, plz donate: 653922166310279418

[joefox]

The Nxt client you're using now (NRS) is a simple, bare-bones, web-based client that interfaces with the Nxt software.  It was never meant to be permanent and will likely be completely removed once a proper client is built.

Someone (nexern) is working on a client but I don't think we'll see it until January. And once the source is released on January 3 other people will be able to build clients as well.

I would hope that a proper client would implement some better account security features

[Sebastien256]

Well, an option like that I propose should be implement fast as possible it the future client. It just a thought. It would propably avoid some deceptions in the future about NXT.

[DBG]

Well, an option like that I propose should be implement fast as possible it the future client. It just a thought. It would propably avoid some deceptions in the future about NXT.

Right now things are not tightly organized and some commands don't even have a web prompt to make use of.  With that being said, I would hope that security would be at the top of the list for any NXT client developer.  I still find it interesting that I'm using a 16 digit password full of true randomness (including non a-z, 0-9 characters) and it still tells me my password isn't secure enough when I use it 

[2Kool4Skewl]

Well, an option like that I propose should be implement fast as possible it the future client. It just a thought. It would propably avoid some deceptions in the future about NXT.

Right now things are not tightly organized and some commands don't even have a web prompt to make use of.  With that being said, I would hope that security would be at the top of the list for any NXT client developer.  I still find it interesting that I'm using a 16 digit password full of true randomness (including non a-z, 0-9 characters) and it still tells me my password isn't secure enough when I use it 

16 characters is NOT SECURE!  USE SOMETHING MUCH, MUCH LONGER!!!!

NRS supports passwords up to 100 characters in length.  Please use something at least 80+ characters long.  Transfer all your Nxt to your new account.  Your funds will be stolen with a 16 character password.

[SomeoneWhoIsntYou]

I think this conversation is proof that this functionality needs to be added 

[allwelder]

with a "one button client",the price of Nxt will rocket again.

[KingCole]

Is it possible to change the password once set and if so how?

KC

[CryptKeeper]

Well, an option like that I propose should be implement fast as possible it the future client. It just a thought. It would propably avoid some deceptions in the future about NXT.

Right now things are not tightly organized and some commands don't even have a web prompt to make use of.  With that being said, I would hope that security would be at the top of the list for any NXT client developer.  I still find it interesting that I'm using a 16 digit password full of true randomness (including non a-z, 0-9 characters) and it still tells me my password isn't secure enough when I use it 

16 characters is NOT SECURE!  USE SOMETHING MUCH, MUCH LONGER!!!!

NRS supports passwords up to 100 characters in length.  Please use something at least 80+ characters long.  Transfer all your Nxt to your new account.  Your funds will be stolen with a 16 character password.

lol - his account contains 1nxt 

[pat]

Is it possible to change the password once set and if so how?

KC

No it's not. That's not how NXT "accounts" work. When you enter a passphrase the client uses it's algo to calculate an address. The same passphrase will always yield the same address. If you'd like to change that you'd have to change the algo

[KingCole]

I thought that maybe the case. I guess I could install the client on another PC, use a different passphrase and move the coins from the old client to the new?

KC

[mgburks77]

You can do it on the same PC with two accounts running in different tabs, I think