You are viewing a single comment's thread from:
RE: User Guide -- How to create a Backup file (.bin) first time.
If you only have a cloud wallet account and follow this guide to create a "backup" you're not actually backing up anything, you'll simply create a backup of an empty wallet containing no private keys.
Also, there's no point in actually doing this since the security of your account is not improved, in fact you only open another vector of attack which is through your bin file and the presumably weaker password you've set for your wallet.
But to correct this guide: in order to backup your cloud wallet account using a bin file you would have to do the following:
- Login with your cloud wallet account and go into your permissions page and write down your active, owner and memo private keys
- Go into the settings, then switch to local wallet mode
- Create a new wallet (unless you already have one)
- Settings > Restore > Import Private key with each of your private keys from step 1
- Now you can create a backup bin file
Even after doing this, the brain key of this wallet is useless as it doesn't correspond the private keys of your account.
That sounds like a problem. A backup should never be empty. It should always have everything necessary to restore an account regardless of security concerns due to possible mishandling(weak encryption).
Having a backup with nothing in it is decidedly less secure than a backup with a weak password.
What is it about the cloud wallet that it can't create a backup? Obviously it has access to the various keys if you're able to copy them down. It seems silly and awkward that you would have to switch types just to make a backup.
Hopefully we can redesign this to a more universal design.
To maybe answer my own question: if you have the password you don't need a backup. If you're prone to losing passwords, the backup isn't going to help. But, consider someone may want to cold-store offline a lightly encrypted or unencrypted file just in case they lose their cloud password.
Anyway, whether or not it's useful for a single account and password, the backup function should still work. With a more unified wallet/login you'd use the same function for both single accounts and a list of accounts.
Hi xeldal, Thank you for your comments. I might not be right but I somehow remember... when I created BitShares wallet very first time (more than a year ago), I had a message on a page to create/save a backup file. So, in my mind, I'll be better to create and have a backup file (my account and balance information) and save it safe.
But if we use Cloud Wallet, we just need to keep our user name and password. We do not need to worry about creating a backup file. Put your trust and keep your account name and strong password safe (and remember). If you still feel worry, then, you can create a backup.
Maybe think like that?
Yes. That's basically what I was getting at. : )
For a single account the password is all you need. The wallet should still provide a backup if requested though. It should never simply be blank or empty. That is a risk for the user. If he is expecting there to be a backup and there is nothing, that is bad.
We if don't want to provide backup options for single accounts, we should remove it from the UI. Assuming we are talking about Cloud login.
This Cloud login vs Local login design is completely unnecessary and makes everything more complicated. It's a bad design.
Hey..
I "only" have a cloud wallet..
I have the same problem.. I cant take a back up.
but i have my username and password safe. I also wrote down my private keys.
Is this safe? Or is a local wallet more safe?
Cloud wallet sounds like an exchange or something because its online..
Or doesnt it matter if i keep my password safe which kind of wallet i have?
Thank you very much!
The security of either type is roughly the same. If you have your username and password, that is all you need. Having the private keys saved is also a good idea. That's essentially all the backup file is anyways.
The whole "cloud" vs "local" naming scheme is nonsensical. They are both essentially the same thing. In both cases the "logging in" happens locally and nothing is actually stored in the "cloud".
Thank you very much for your help and reply!
One last thing please (because i have read it above):
If my computer will be damaged or i want log in from somewhere else:
Then my username and password will also be enough if i enter my wallet over the cloud wallet?
Because normally you have a 12 word pass phrase or something.. But here username and password will be enough? Also from another device?
Yes. With a "cloud" wallet your username and password will work from any device.
Thank you very much for your help!
Hi @svk, Thank you so much for replaying for this. People will know about this. I appreciate it. Well, I am going to create a post with right information.