O3 desktop client has no (password) protection


#1

I have installed the Windows client from the store. I imported an existing account created with the mobile client (Android) using the password.

I had expected the client to ask me for the password for the encrypted key every time I start it, but it doesn’t. This means everybody who can access my laptop (data/HDD) can access my wallet without knowing the encrypted key password.

So the client needs to ask for the password at each startup and forget it on close, or make it a setting.

The mobile version asks for the phone lock pattern, but it should be possible to use another pattern or PIN. That is also how (most) banking apps work.

Edit: Mobile app => The deposit to my trading account got executed while the button I pushed was labelled ‘review’. I expected an overview where I need to confirm or cancel the deposit, as that is what the button label says.


#2

Hello,

Thanks for using O3. Our Desktop application works slightly differently. It is possible for anyone to open the app if they have access to your laptop, as you state. But it’s impossible for anyone to access your funds. For anyone to be able to actually send something out of your wallet, they will still need the password. You can try for yourself: when you open the app, you can see that the wallet name has a lock next to it. If you try to send while the wallet is locked, it will prompt you to fill in your password, and otherwise you cannot send.

We are looking at having a hide funds option as well, but at least no one can access or take your funds without your passwords, just like on mobile.


#3

Thank you for your reply. I’ll wait and see the developments/improvements.