Recovery phrase - Why not

Hi there:
I’ve been thinking about something.
What if our phrases are lost or acquired? :thinking:
As you know, we can’t change it.
Is it only possible to re-build and migrate data? :thinking:
When there’s a lot of data, it’s a disaster. :scream:

I began to consider whether to continue to use AT.
In the Internet age, there is no such thing as absolute security, and we need to worry about all this.

Why would this be a disaster?
You can export your whole space with the Any-block (protobuf) export. Nothing should be lost.

And of course, make sure to keep your recovery phrase safe.

I mean, in case the recovery phrase is stolen, there is no way to prevent others from accessing my space by modifying the recovery phrase. If my spatial data is large, I can only export it, and create a new space, and then import it. There is no alternative.

Yeah, exactly.
But you can just export your data to a new account, and then delete your old account.

1 Like

It could be problematic, but unless you post your recovery phrase on the internet or share it with people who are going to use it to do harm, the possibility of that happening is 0%. I don’t know anyone who is that gullible to not protect their recovery phrase in those regards.

There is no security in the Internet age.
Almost all apps read the clippings, and if you use AT on your phone, every time you copy your phrase, another app could steal it.
If the other person is also using AT, it’s easy to guess the use of this phrase.

That’s all I can think of.

That’s why it’s important to safeguard your devices so that doesn’t happen.

We can push the pail of responsibility all the way down. If we follow this argument, why doesn’t Android / iOS have security safeguards, why doesn’t Samsung/Apple make an impregnable phone? Why don’t you buy a Nokia 3310 if you’re so worried about security? The best solution to this problem is to solve it at its source. Security hinders convenience, and having one point of ingress that is easily lost, captured, or otherwise is not the best idea, especially since there is no second factor.

1 Like

Not to argue, but ultimately, if your device is compromised or if your passphrase was stolen, what keeps it from being stolen again if you would change it? Therefore, even implementing the ability to change it doesn’t necessarily safeguard your data. It might keep it from happening again for a while, but once your info is hacked into or breached, it’s breached and in the hands of someone it shouldn’t be. You can turn on the Pin Code feature, but anything is ultimately hackable. However, generally, when things go wrong with security, the user is at fault.

Personally, my opinion is no seed phrase whatsoever, go back to a proven, somewhat more secure authentication method that doesn’t have a single point of failure.

1 Like

Hi, I like that answer better, this is rational :100:

1 Like

Not to mention the thousands of database breaches

Not so sure about that.

1 Like

Yes, occasionally, there are vulnerabilities in the code of a program, but normally this falls in the category of not particularly being anyone’s fault. Nothing in this life is going to be perfect (that’s an absolute fact). Also, when companies cover up their vulnerabilities, lack of security, etc., and lie about them, it never gets them ahead - that’s why they feel obligated to immediately patch the security bug, vulnerability, or zero-day. In a free market, when companies are dishonest with how they handle security, people stop purchasing their services. It thus doesn’t make sense for companies to implement sub-par security measures. So, in most cases, it’s the user’s fault for not using a strong password (which is now almost impossible with most companies implementing mandatory password requirements), not using 2FA, not using biometrics, or failing to keep passwords safe. And although nobody likes Google, when I found out that I was “in a data breach” they only got my email because I almost always use the Google sign-in when available. I guess it means they could try phishing or send scammy messages, but I’m not stupid. Plus, Google’s spam filters work well enough that I never get such messages in my inbox.

True, however, in the case of AT, we don’t have the option for 2FA, or any other standard, widely accepted method of security, making the possibility of unauthorised access infinitely easier.

1 Like

I would agree with that. They could introduce some sort of 2FA in the future. Even email would in theory work because that isn’t already how you log in and thus connect to your Anytype account. Ultimately, though, using something other than email or SMS, like an authentication app, is more secure because then you don’t have to worry about people having access to your email or hacking and retrieving your text messages (that aren’t encrypted) - although it’s unlikely that they would have all the pieces to even get into your account.

Agreed, in AT’s current state, a brute force attack is all it would take to cause devastating chaos to people’s data. You wouldn’t even need to do the advanced thing of se, just generate seed after seed till you hit something, delete everything and move on.

It just occurred to me.
How do we view the current number of nodes?
This allows you to know how many users there are in the blockchain.
Or, how do I know the current security? :koala:

@23jjl @isle9 @LiteLotus