Silk Road forums

Support => Feature requests => Topic started by: abitpeckish on August 13, 2013, 07:03 pm

Title: Change "PIN" to something that promotes better security
Post by: abitpeckish on August 13, 2013, 07:03 pm
A discussion on IRC led me to realize, to my embarrassment, that my SR PIN doesn't have to be just numbers and doesn't have to be relatively short. That same discussion demonstrated that there were many others with a fair amount of experience travelling the road that also did not know this. I think the "PIN" moniker is a potentially huge liability in that it suggests the same paradigm -a handful of digits- we are all used to with banking PINs. Perhaps something like "withdrawal password", "wallet password", "transaction passphrase" would be better. A simple linguistic change here can promote a major improvement in default security practice.

Can't wait to see how this poll turns out.
Title: Re: Change "PIN" to something that promotes better security
Post by: Toska on August 15, 2013, 01:28 am
I agree this should be changed, the word PIN is deceiving.
Title: Re: Change "PIN" to something that promotes better security
Post by: abitpeckish on August 25, 2013, 06:55 pm
Bumping with link to a better (as in more secure) suggestion to replace the withdraw verification procedure with PGP-generated one-time passwords. This could be a good way to force all users (vendors/buyers) to at least prove some security proficiency and fluency. Whether or not they choose to exercise that proficiency would still be up to the individuals.

http://dkn255hz262ypmii.onion/index.php?topic=201932.0
Title: Re: Change "PIN" to something that promotes better security
Post by: crystal on August 25, 2013, 07:22 pm
Perhaps something like "withdrawal password", "wallet password", "transaction passphrase" would be better. A simple linguistic change here can promote a major improvement in default security practice.

+1!
Title: Re: Change "PIN" to something that promotes better security
Post by: Rocknessie on August 25, 2013, 07:36 pm
Perhaps something like "withdrawal password", "wallet password", "transaction passphrase" would be better. A simple linguistic change here can promote a major improvement in default security practice.

+1!

+1