I understand where this comment of Nickstar007 is coming from…
The Nash-team (maybe someone like @clare can look after this ?) should be aware that MANY people (current or future users of the Nash Extension) will ask themselves exactly these same kind of questions:
- “Is this normal ?”
- “What is this popup window for ?”
- “Is this question/check not a scam in itself ?”
- “How can I know this question is part of the Nash-procedure ?”
- “What is the Nash-procedure anyway ?”
Just like the issue/question regarding the mandatory review of the loginToken, raised in this topic: Extension version 0.1.32 released
We are confronted here with another example of the big underlying burning challenge, which is the challenge of bridging the large gap between programmers and users, between security and usability, between design and user adoption,…
Of course it’s useful that @Lennystyles gives the correct answer in this topic, and that @DeadPool_56 is referring to the correct explanation listed on the Support pages of Nash. But this is only a drop on a hot plate :
For every Nickstar007 -user who takes the effort of registration to this Community, and then takes another effort of logging in and formulating his question on these pages, there are x100 users who have a similar question, but don’t make this effort.
Nash-team: please don’t underestimate the number of people who are confused or have a similar question…
The answer of Lennystyles and the explanation from Clare on the Support page do point out that Nickstar007 shouldn’t worry. But these answers/explanations don’t go to the bottom. People who are inexperienced with crypto or with using exchanges don’t even understand the basic concept of “another protection layer to warn you if you are on a scam site/extension”. On the contrary: for many people, every additional window popping up asking to check this or that, could be a malicious attempt itself !
I’ll try to explain further. What the big silent majority will think is this: a popup screen that is asking to just confirm (with the click of a mouse button) an already given combination of a security word and colour, will not prevent any malicious person that already has the correct login name and password and who uses the computer to which the Nash Extension is installed, to steal whatever they want. Not much added security from that point of view…
Sure, myself and many other users in this Community know that providing this combination of security word and colour is an extra protection layer against phishing/scamming sites/popups, but it will not be perceived as such by many people. The people in this Community are not the silent majority. The Nash-team should clearly explain, in dummy-language, written in clear ABC, in this extra popup window itself, what this security word and colour is used for exactly, and also what it is not used for (meaning: what it cannot prevent).
It’s all about mixing the necessary ingredients: combining the technics and security with providing simplicity and clarity in an educational and reliable way. This is one of the biggest challenges for the Nash-team in the whole project. This is really the holy grail of (decentralised) crypto exchanges.
Nash Exchange should try to mix as soon as possible these ingredients to the best c0cktail which tastes better than the c0cktails and recipes of Coinbase, MyEtherWallet, Binance,… This should be absolute top priority. Nash users should not be wondering why they are asked to check a “loginToken” they don’t know about, or a “security word” or “colour” they do know about.
Keep up the good work everyone, I know Nash-team is trying