Forgot Password Feature

I believe the biggest hurdle to crypto adoption is the lack of a “Forgot Password” feature. People cannot grasp the concept of being solely responsible for their funds. Also, people are stupid and keep losing their passwords. I was not expecting Nash to have “Forgot Password” since it is a DEX. I was pleasantly surprised when I saw the “Forgot Password” link on the login page.

  1. With this, I have a concern as well. If an email account is compromised and two-factor authentication is not enabled, then in such a scenario the attacker can change the password and gain access to the account and funds. Won’t this make the exchange vulnerable?

  2. In what scenario does a person lose access to his / her funds?

1 Like

  1. If I remember correctly, you will need to provide your 12-word seed phrase to be able to complete a password reset.

  2. [I’m not 100% sure about this] I believe you lose access to your funds at the point at which you lose your 12-word seed phrase AND you forget your Nash account email and password.

  • If you lose only the 12 words: you can still log in and extract the private keys from the accounts page
  • If you lose only the password: you can recover the account using the 12 words

3 Likes

Don’t forget the MPC wallet upgrade will happen at some point. After that, the way I see it, you’ll be able to have such a setup:

Master account:

Everyday account

Using your everyday account will limit your interactions with your main account, thus lowering its chances of being compromised.

All of this is explained in this great blog article. Another possible setup for institutions is:

Master institutional account:

Senior trader

Junior trader 1

Junior trader 2

Needless to say, this is unprecedented for a non-custodial account :muscle:

9 Likes

I believe you have to have the private key to your wallet to reinstate your account password. So a mere email hack wouldn’t complete the security breach.

Yes, you need to provide the seed phrase to change your password if you forgot it. The system wouldn’t work otherwise since we do not have access to the private keys / seed phrase.

2 Likes
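
The reset rule described in the replies above (the seed phrase is required, so control of the email account alone is not enough), as an added sketch that is not Nash's code and not part of the original thread. The record layout, the function names and the PBKDF2-based wrapping are assumptions chosen for illustration; the seed phrase is a constructed sample.

```python
import hashlib, hmac, os

ITER = 20_000  # kept low so the demo runs quickly; real KDF settings would be higher
SAMPLE_SEED = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"  # constructed

def kdf(secret: str, salt: bytes, label: bytes, n: int = 32) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt + label, ITER, dklen=n)

def wrap(password: str, seed: str, salt: bytes) -> bytes:
    """Encrypt-then-MAC the seed under the password (stdlib stand-in for an AEAD)."""
    data = seed.encode()
    ct = bytes(a ^ b for a, b in zip(data, kdf(password, salt, b"enc", len(data))))
    return ct + hmac.new(kdf(password, salt, b"mac"), ct, "sha256").digest()

def unwrap(password: str, blob: bytes, salt: bytes) -> str:
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(kdf(password, salt, b"mac"), ct, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong password")
    return bytes(a ^ b for a, b in zip(ct, kdf(password, salt, b"enc", len(ct)))).decode()

def make_record(password: str, seed: str) -> dict:
    """Client side: build what the server stores. No plaintext seed or password in it."""
    salt = os.urandom(16)
    return {"salt": salt, "blob": wrap(password, seed, salt),
            "verifier": kdf(seed, salt, b"verifier")}

def login(record: dict, password: str) -> str:
    """Client side: the password unlocks the seed, so the keys can still be exported."""
    return unwrap(password, record["blob"], record["salt"])

def reset_password(record: dict, seed: str, new_password: str) -> dict:
    """Runs after the emailed reset link is used: the seed must still match the account."""
    proof = kdf(seed, record["salt"], b"verifier")
    if not hmac.compare_digest(proof, record["verifier"]):
        raise PermissionError("seed phrase does not match; email access alone is not enough")
    return make_record(new_password, seed)  # old blob cannot be re-encrypted without the seed

if __name__ == "__main__":
    rec = make_record("old-password", SAMPLE_SEED)
    print("lost 12 words, kept password:", login(rec, "old-password") == SAMPLE_SEED)
    rec = reset_password(rec, SAMPLE_SEED, "new-password")
    print("lost password, kept 12 words:", login(rec, "new-password") == SAMPLE_SEED)
    try:
        reset_password(rec, "attacker has only the mailbox", "attacker-password")
    except PermissionError as err:
        print("email-only reset refused:", err)
```
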