Extension version 0.1.32 released

extension
(FCC) #1

Maintenance update only.

  • Update to Nash Brand
  • Update nodes to nash.io domain
  • Copy changes from “private key backup code” to “account backup code” for added clarity.
15 Likes
Provider website domain needs to be updated for the NASH Extension
(Bunder) #2

In Chrom web store, the provided by name is still ‘https://neonexchange.org

New people who see the old name could think it is not the right one. I don’t know if it is easy to change the name https://nash.io ? But if it is easy, it looks more reliable.

39

4 Likes
(Alex) #3

I dont understand this step. "Review details"
What do I need to review here ? I assume this should be my neo address. But this loginToken ? how do I review this ? What is there to review here ?
I dont see any editable fields either. Whats the point then ?

I blurred this information. Is it sensitive information ? I dont know either.

What's the use of the colour & security word?
(Kwicks) #4

I was wondering about this as well. I have no idea what this dialog really does. I am already logged in to my extension. And I have also absolutely no idea how I should review the logintoken (the other is my public neo address).
My mom would cancel here for sure (or call me) :wink:

1 Like
(NATENEX) #5

@Alex @Kwicks It’s to prevent phishing from other websites so you know it’s reading only your wallet/login. Similar to the same reason other wallets ask you to verify the wallet address prior to sending tokens to make sure you aren’t being rerouted somewhere else. It’s a another layer of security.

(Alex) #6

How am I supposed to know that from looking at some gibberish hashes ? I dont even know what to compare this to…
Thought the next step (enter password) already had the anti-phishing measure using the word and color ?

Either way. If this review step is really necessary I would suggest informing what and where to compare this with and also implementing Identicons to have a visual representation of those hashes instead of showing long sequence strings …
(ultimatly optimizing identicon algo for black and white for e-ink/matrix lcd screens)

$https://en.wikipedia.org/wiki/Identicon

(Jignes Bhai) #7

If you yet to sign up, get in through my referral MZdoGj Thanks!

(NATENEX) #8

How is this gibberish? It’s literally your wallet address and authentication token…

Just to clarify, the screen you are talking about is the anti-phishing screen (that was what I was originally referring to), the screen you posted a pic of is pretty self explanatory. It says, “Review Details: Nash will securely sign this info to prove it belongs to you”. Essentially its just a verification to make sure that matches the wallet you are trying to use.

(Alex) #9

Thanks. Could you maybe explain me your thoughprocess while ‘reviewing’ the details shown in this screen ?
– What leads to the conclusion ‘I made a mistake’ OR ‘These are correct’ ?

(NATENEX) #10

This image is pretty much just a verification screen. It essentially asking is this the wallet you are wanting using and if so it will assign it to you for your session. Many people have different wallets so you are just verifying that it is the one you want to use essentially.
The next screen (the one asking for a color and a word) is the anti-phishing screen.

image

(Alex) #11

@Nathaniel

(Olu ) #12

Please mind your language. Why do you sound so aggressive?

(Alex) #13

My appologies. Didn’t mean to sound aggressive. As a child I got abbused by my stephdad. I was talking from his point of view.

@Kwicks had a better wording for it:

My mom would cancel here for sure (or call me) :wink:


(I will mind my words and be more positive after MVP launch. No worries.)

(FCC) #14

This fields are filled automatically by the app calling the extension library, to show to the user what is being signed. If we made the display prettier someone could say you are signing something but give diff data, so is a somewhat hard issue of security vs usability. As usual as time passes we have some ideas but this is low priority right now. We do recognize we can have better UX on the confirmation screen.

(Need For Speed) #15

This small remark from @Kwicks is so true and important. :warning:

Average Joe will not understand at all what this “loginToken” is in the first place, let alone what he/she should compare it with in order to review if it’s the correct token…:thinking:

People who have a general experience with crypto or other exchanges will proceed after this Notification window, and “Trust Themselves” :wink:

But for many other people - like the first-time exchange user, the crypto-newbie, the uncle/aunt who received a referral code,… - this Notification will already be a bridge to far. This Notification (popping up at the other side of their monitor btw !) could be perceived as too confusing, or worse, as a phishing attempt itself :upside_down_face:
All this with the possibility from stopping these kind of people to “Trade. Pay. Invest.” through the Nash Exchange.

Indeed, as @canesin mentions: this is one of the many issues of security vs. usability. And it’s exactly in these kind of issues Nash Exchange wants and needs to excel. We all know this theme of security vs usability is a top priority for the whole Nash team, and I trust them to make improvements at the right time.

2 Likes
(Neo Maximalist) #16

I agree. A good UX design goes a long way.

3 Likes
(Mao Mao) #17

A video that shows new/existing crypto users on the signing up process to how to use each of the trade functions to deposit/withdrawing money would be great.

Just like how the nash team did their video tutorial for the ICO participants in the past. It was fairly easy following through the video.

(Nashrimpy) #18

newest version is 0.1.33?