Wallet password unification on Android: enforce irreversibility

Open SomberNight opened this issue 1 year ago • 2 comments

On Android, in the past, each wallet could have a separate wallet password. Then https://github.com/spesmilo/electrum/pull/6805 introduced the wallet password unification. With that:

  • every time a wallet is opened, or a wallet password is changed, we check if the password is or can be unified
  • it is considered a legacy state to have multiple wallets that have different passwords
  • if the password is unified, when the user creates a new wallet, we automatically use it for the new wallet
    • otherwise, the wizard lets the user type a new password for the new wallet

Note that before any wallet is opened, currently we don't know if the password is unified. The kivy gui did not allow creation of new wallets until an existing wallet was opened (https://github.com/spesmilo/electrum/pull/6805#issuecomment-759370628). The qml gui however allows this atm. This lets the user reverse password unification by creating a new wallet with a different password.

Maybe we could revert to the kivy behaviour and disable the create wallet button (or show popup when it is clicked) until a wallet is opened.


Some problematic/impossible use cases/scenarios:

  • user who forgot their wallet password will not be able to create a new wallet (only recourse is to reinstall the application)
  • multiple people wanting to use the same phone and each have their own wallet with different passwords

SomberNight avatar May 30 '24 16:05 SomberNight

> Maybe we could revert to the kivy behaviour and disable the create wallet button (or show popup when it is clicked) until a wallet is opened.

Note: @ecdsa had an idea that we could even go a step further, and disallow creating new wallets at all if the password is not unified: show an error to the user telling them that they need to manually change all their passwords to be the same. This sounds a bit extreme though.

SomberNight avatar May 30 '24 16:05 SomberNight

If the password is currently not unified, @f321x said during new wallet creation we could limit the choice of password to the set of already used passwords.

> Maybe we could revert to the kivy behaviour and disable the create wallet button (or show popup when it is clicked) until a wallet is opened.

Maybe @f321x's idea could be used for this as well: we allow creating a new wallet before unlocking any existing ones, however on the password configuration screen, we enforce that the chosen password can open at least one of the existing wallets.

SomberNight avatar Dec 03 '25 23:12 SomberNight
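The rule proposed in the last comment, modelled as an added example; this is not Electrum code and not from the thread's participants. `ToyWallet`, `may_create_wallet`, `create_wallet` and `is_unified` are hypothetical names, and a PBKDF2 verifier stands in for actually decrypting a wallet file.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def _derive(password, salt):
    # Low iteration count keeps the demo fast; not a recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

@dataclass
class ToyWallet:
    """Stand-in for an encrypted wallet file: only a salted password verifier."""
    name: str
    salt: bytes
    verifier: bytes

    @classmethod
    def create(cls, name, password):
        salt = os.urandom(16)
        return cls(name, salt, _derive(password, salt))

    def check_password(self, password):
        return hmac.compare_digest(self.verifier, _derive(password, self.salt))

def may_create_wallet(candidate, existing):
    """Proposed rule: the password must open at least one existing wallet."""
    if not existing:          # first wallet on the device: any password
        return True
    return any(w.check_password(candidate) for w in existing)

def create_wallet(name, candidate, existing, enforce=True):
    if enforce and not may_create_wallet(candidate, existing):
        raise ValueError("password does not open any existing wallet")
    existing.append(ToyWallet.create(name, candidate))

def is_unified(existing, password):
    return all(w.check_password(password) for w in existing)

def demo():
    # Constructed sample state: two wallets sharing one password (unified).
    wallets = [ToyWallet.create("a", "pw-one"), ToyWallet.create("b", "pw-one")]
    unenforced = list(wallets)
    create_wallet("c", "pw-two", unenforced, enforce=False)  # no check before unlock
    try:
        create_wallet("c", "pw-two", wallets)                # proposed check
        rejected = False
    except ValueError:
        rejected = True
    create_wallet("d", "pw-one", wallets)                    # reusing the password is allowed
    return is_unified(unenforced, "pw-one"), rejected, is_unified(wallets, "pw-one")
```

With the check in place, the number of distinct passwords across wallets can never grow, so a unified state stays unified and a legacy state cannot get worse.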