Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Password requirements inconsistent with CLI wallet and the wallet extension #168

Open
HoTandy opened this issue Mar 19, 2024 · 0 comments
Open

Comments

@HoTandy
Copy link

HoTandy commented Mar 19, 2024

At the request of @luizstacio moved this issue here. Original was here FuelLabs/fuels-wallet#1092

What version of Wallet are you using?

0.4.3

What is happening?

With the CLI wallet, there doesn't seem to be any restrictions to what the password can be, but the browser wallet extension insists on a particular length, alpha/numeric + special characters. (Incidentally, when you must use special characters, numbers and upper case, and the attacker knows this, then entropy is reduced).

This meant that I could not use the same password on the wallet extension as what I was using in the CLI. Suggestion, make the password requirements the same for both CLI and the wallet extension, to reduce the chance that a user would have to use a different password on the wallet extension.

steps to reproduce

Create a new wallet from the CLI, when you create a password, make it a simple one that doesn't match the password requirements that the browser wallet extension requires.

Using your mnemonic, recreate the wallet in the browser extension (it can also be a new wallet)

Use the same password you used for the CLI wallet - you should not be able to because that password does not meet the password requirements the chrome wallet extension demands.

I know the passwords must not match for the same wallet that we created using the CLI & Browser Wallet Extension, but it's much nicer for the user to be able to use the same password rather than having different ones. I think it's better for Fuel's overall look & feel not to have these inconsistencies, it would be more professional in my view.

How it should behave?

Make the password requirements the same for both CLI and the browser wallet extension.

What os are you seeing the problem on?

Mac/Apple Desktop

What browser?

Chrome

What is your browser version?

Version 121.0.6167.184 (Official Build) (x86_64)

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant