What's the use of the colour & security word?

(Nickstar007) #1

Hey guys,

I’m a bit confused about the colour and security word you have to pick for the extension. Could somebody please explain to me what it’s for? I can’t quite figure it out. When i want to make a transaction, i don’t have to fill it in, it automatically appears in my case. Is this normal?

Thanks in advance!


(Lennystyles) #2

Correct me if I’m wrong but I believe it’s another layer of protection to warn you if you are on a scam site/extension, since you are the only one who knows which color and security word you picked. If it shows something else than what you initially choose, don’t continue the transaction.


(Dead Pool 56) #3

Lennnystyles is right. You can find more info on it with this link


(Need For Speed) #4

I understand where this comment of Nickstar007 is coming from…

The Nash-team (maybe someone like @clare can look after this ?) should be aware that MANY people (current or future users of the Nash Extension) will ask themselves exactly these same kind of questions:

  • “Is this normal ?”
  • “What is this popup window for ?”
  • “Is this question/check not a scam in itself ?”
  • “How can I know this question is part of the Nash-procedure ?”
  • “What is the Nash-procedure anyway ?”

:arrow_right: Just like the issue/question regarding the mandatory review of the loginToken, raised in this topic: Extension version 0.1.32 released

We are confronted here with another example of the big underlying burning challenge, which is the challenge of bridging the large gap between programmers and users, between security and usability, between design and user adoption,…:fire:

Of course it’s useful that @Lennystyles gives the correct answer in this topic, and that @DeadPool_56 is referring to the correct explanation listed on the Support pages of Nash. But this is only a drop on a hot plate :droplet::

  1. For every Nickstar007 -user who takes the effort of registration to this Community, and then takes another effort of logging in and formulating his question on these pages, there are x100 users who have a similar question, but don’t make this effort.
    Nash-team: please don’t underestimate the number of people who are confused or have a similar question…

  2. The answer of Lennystyles and the explanation from Clare on the Support page do point out that Nickstar007 shouldn’t worry. But these answers/explanations don’t go to the bottom. People who are inexperienced with crypto or with using exchanges don’t even understand the basic concept of “another protection layer to warn you if you are on a scam site/extension”. On the contrary: for many people, every additional window popping up asking to check this or that, could be a malicious attempt itself ! :upside_down_face:

I’ll try to explain further. What the big silent majority will think is this: a popup screen that is asking to just confirm (with the click of a mouse button) an already given combination of a security word and colour, will not prevent any malicious person that already has the correct login name and password and who uses the computer to which the Nash Extension is installed, to steal whatever they want. Not much added security from that point of view:thinking:

Sure, myself and many other users in this Community know that providing this combination of security word and colour is an extra protection layer against phishing/scamming sites/popups, but it will not be perceived as such by many people. The people in this Community are not the silent majority. The Nash-team should clearly explain, in dummy-language, written in clear ABC, in this extra popup window itself, what this security word and colour is used for exactly, and also what it is not used for (meaning: what it cannot prevent).

It’s all about mixing the necessary ingredients: combining the technics and security with providing simplicity and clarity in an educational and reliable way. This is one of the biggest challenges for the Nash-team in the whole project. This is really the holy grail of (decentralised) crypto exchanges. :trophy:

Nash Exchange should try to mix as soon as possible these ingredients to the best c0cktail :tumbler_glass: which tastes better than the c0cktails and recipes of Coinbase, MyEtherWallet, Binance,… This should be absolute top priority. Nash users should not be wondering why they are asked to check a “loginToken” they don’t know about, or a “security word” or “colour” they do know about.

Keep up the good work everyone, I know Nash-team is trying :1st_place_medal: :+1:


(Nickstar007) #5

NFS, you are spot on! First off, i would like to thank Lennystyles and deadpool for their respons, very helpfull.

However, i don’t think i’ll be the only user who will be asking themselves things like this. If you are (fairly) new to crypto, or not so tech savvy like me, it’s a steep learning curve, with lots of new concepts to grasp.

In the Netherlands, when we have to fill in our taxes, there is a little (?) sign that you can click on to get more information about complex concepts. If you click it, a little box pops up explaining the concept you are struggling to grasp. A similar function would we worth considering for the team imo.

Another thing that i still have difficulty grasping is all the different routes you can take logging in onto the wallet. There a quite a few ways. E.g. For me it’s not clear if i need to recover my account to get acces to my funds, or simply login (which somehow never works in my case). Therefor i would just use the option: login in with key. On that page, i can use my encrypted key, or my private key. The whole process is just not clear for me, i though my private key was an encrypted key. When i‘d created my wallet, i also have written down a public key and a backup encrypted key, do i need to use them over here?

Now, i know that Fabio worked on the neon-wallet. I’ve never run into these dofficulties with that wallet. Was it really necessary to move from the simple private-public key combination, because that sure was a bit easier to understand for someone like me!