Repository
https://github.com/MattyIce/steem-keychain
Steem Keychain
I've opened the issue on the GH https://github.com/MattyIce/steem-keychain/issues/80 and also made a comment on the recent Keychain post: @blockchainstudio/re-yabapmatt-steem-keychain-update-firefox-version-now-available-20190307t230142429z
Components
- Private key management
- UI improvement
Proposal Description
Private key management
Due to the launch of Steem Engine Dex (Steem Engine DEX GRAND OPENING!), more users will use Steem Keychain.
Steem Keychain is the most promising alternative or complementary tool of Steemconnect. (Thanks to @yabapmatt, @aggroed, @stoodkev, @nateaguila) While it's awesome, currently it shows private keys in Manage Accounts without further confirmation, which can be very dangerous.
By the nature of webbrowser plug-in wallet, it is meant to be used by everyone including people who don't even understand the concept or importance of private keys. Even advanced users tend to make a mistake to reveal their private keys accidentally. For instance, they may be on Skype, or hacking tools may monitor private keys. Currently, even for a user to add additional keys, all stored private keys are shown.
There should be additional confirmation step to show private keys.
Mockups / Examples
Before
For a obvious reason, I can't show the screenshot of "before." Currently private keys are shown instead of "Click to show Private Key" (which I suggest below) by default, which can be very dangerous.
For instance, let say you had added posting & active keys before and now you want to add memo key. Then you need to enter this menu, and posting & active private keys are shown without any protection.
After
Private keys should be shown with further confirmation, e.g., "Click to show Private Key".
Of course, it's even better if ask to enter the wallet password again depending on the option. So in the setting page, there should be an option, e.g., "wallet password is required to show private key."
UI improvement
Currently many menus don't have large amount of contents, but still most pages can't be shown without scroll. This is inconvenient. Font size can be smaller (better if adjustable). Or if the heading margin is reduced, the most menus can be fit into one page.
Mockups / Examples
Before
UI problem is not only about menus, it also applies to pop-up windows. This is the actual pop-up for login.
After
How big is the entire content? Not big at all. While this is an extreme example that needs both vertical and horizontal resizes, many menus have similar problems.
Benefits
Steem Keychain is one of the most important projects and will be used by many users. Security is always important. I think not many people expect that it shows private keys without further confirmation. This additional confirmation step enables to keep private keys more secure and users to use it without worrying their keys are exposed by mistakes. In addition, some small UI tweaks will improve UX.