The new RISE wallet is going to change up the sign-in flow
Across the ecosystem, different cryptocurrency wallets (including RISE's current web wallet) have come to use a pretty similar login process: to log into the account, the user is expected to enter their passphrase. The new RISE web wallet is going to break that pattern and do things differently.
We feel strongly about breaking the existing patterns that users have gotten so used to over the years, and about introducing an “unconventional” sign-in process, because doing so ultimately protects users' digital assets.
When asking for a user's passphrase to access their account, we are subtly implying that the account information is secured behind a passphrase, which is of course false. Everything about the user's account is public on the blockchain for everyone to see, and the user experience should reflect that.
In addition, we are teaching our users an extremely bad habit — entering their most precious secret as the very first step when they open the wallet. This habit can be easily exploited by phishing sites, resulting in complete loss of digital assets.
Getting our users out of this bad habit also lessens the damage potential should the internet infrastructure that RISE relies on become compromised. When users are protective of their passphrase, attackers can only compromise accounts that try to transact during the small window of time when the attack is ongoing.
New way to access your accounts
The new RISE web wallet will ask the user for their passphrase only when signing transactions that are to be submitted to the network. To access an account, the only piece of information that the user needs to enter is their account address.
Above you can see a screenshot from our prototype that we used in one of the first user tests we conducted. We were expecting this step to create a lot more confusion in our users than it actually did.
The testing did reveal that sometimes the habit of entering a passphrase is so ingrained in users' behavior that any input box they meet after entering the sign-in flow will be treated as the passphrase box. Other times, the fact that users were never asked for their passphrase made them wary of how the wallet was able to get access to their passphrase.
To solve the problems we saw during this round of testing, we'll be introducing two new things to the sign-in flow:
- To the account address input, we will be adding a helpful error message for when the user attempts to enter their passphrase instead of their account address.
- At the end of the sign-in flow, we will be adding an informational message about when we will be asking for the user's passphrase and why doing things that way is more secure.
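One way the check behind the first item could work, as an added example that is not code from the RISE wallet. It assumes an address is 1 to 20 decimal digits followed by "R" and that a passphrase is a run of space-separated words; the function names, messages and sample values are hypothetical.

```javascript
// Added example, not RISE wallet code. Assumptions: addresses look like
// "<1-20 digits>R"; passphrases are space-separated alphabetic words.
const ADDRESS_RE = /^\d{1,20}R$/i;
const WORD_RE = /^[a-z]+$/i;

const MESSAGES = {
  passphrase:
    'This looks like a passphrase. Enter your account address here; ' +
    'the passphrase is only needed when you sign a transaction.',
  invalid: 'This is not a valid account address.',
};

// Classify the field content. The result never carries the raw input unless
// it is a valid (public) address, so a mistyped secret cannot end up in
// logs, analytics events or error reports built from the result.
function classifyAddressInput(raw) {
  const value = String(raw).trim();
  if (value === '') return { kind: 'empty' };
  if (ADDRESS_RE.test(value)) {
    return { kind: 'address', address: value.toUpperCase() };
  }
  // Two or more alphabetic words is enough to warn: an address contains no
  // spaces, so the user is told before the whole passphrase is typed.
  const words = value.split(/\s+/);
  if (words.length >= 2 && words.every((w) => WORD_RE.test(w))) {
    return { kind: 'passphrase', message: MESSAGES.passphrase };
  }
  return { kind: 'invalid', message: MESSAGES.invalid };
}

// `field` is anything with a `value` property, such as an <input> element.
// A suspected passphrase is wiped from the field as soon as it is detected.
function handleAddressField(field) {
  const result = classifyAddressInput(field.value);
  if (result.kind === 'passphrase') field.value = '';
  return result;
}

// Constructed sample values, not real credentials.
const SAMPLE_ADDRESS = '1234567890123456789r';
const SAMPLE_PASSPHRASE =
  'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';
```

The classification runs entirely on the client, so the mistyped passphrase never has to leave the page to produce the error message.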
We will be tweaking and polishing the flow and retesting it in our user tests, which means that the two new features mentioned above might evolve into something completely different by the time of the public release of our new web wallets.
Do you want to help us make a great wallet? You can do so by signing up as a tester by filling out this form. For every test we run, we only have a limited number of spots available. Those who get picked will receive an invitation to participate via email.