secondary title
1. What is a password account?
With the popularity of mnemonic wallets, almost everyone knows that "mnemonic is the only way to control your own assets." We are already very familiar with the mnemonic account, so what is a password account?
The password account is an extension of the mnemonic account in the application.
In common mnemonic accounts, we all know that if your 12 mnemonics are accidentally leaked. The other party can directly recover your assets and transfer them away.
In the password account, even if your mnemonic is accidentally leaked, if the other party cannot obtain your custom password, he still cannot restore your real account, and he will be helpless with your assets.
In the mnemonic account, 12 mnemonics = control assets
In the password account, 12 mnemonics + custom password = control assets
fruit blanket abuse detail
pattern dinosaur monkey loop
coast abstract tortoise blind
For example: Paipai I have an account, the mnemonic is:
(Wrong demonstration, please do not imitate, the mnemonic must be kept privately)
If this is an ordinary mnemonic account, and you get these 12 words, you can transfer all the assets in this account.
But since Pai Pai dared to release the mnemonic, I guarantee that you will never be able to transfer it!
This is of course because (I have no money) I opened a password account.
If you don't know my custom password, you have nothing to do with me.
Then you can have permission to use the assets of the account.
*BITHD password account function
secondary title
2. What is the technical principle of the password account?
Let’s first go over the principles of ordinary mnemonic accounts in vernacular science. The 12 mnemonics are also called seeds. We can calculate the value of different currencies by hashing the seeds and adjusting the parameters of different currencies according to the BIP protocol. private key and address.
In fact, the principle of the password account is almost exactly the same as that of the mnemonic account. The only change is to regard the 12 words + custom password as a seed, and then complete the calculation.
It is easier to understand with another way of thinking. Ordinary mnemonic accounts can actually be regarded as "password accounts with empty custom passwords"
seed = 'one two three four five six seven eight nine ten eleven twelve'
m = BIP32Key.fromEntropy(Mnemonic.to_seed(seed))
master_xprv = m.ExtendedKey(private=True, encoded=True)
m = m.ChildKey(44 + BIP32_HARDEN)
m = m.ChildKey(0 + BIP32_HARDEN)
m = m.ChildKey(0 + BIP32_HARDEN)
m0 = m.ChildKey(0)
for x in xrange(20):
t = m0.ChildKey(x)
print 'Address:' + t.Address()
print 'Private Key:' + t.WalletImportFormat()
(This is a few lines of Python code we wrote when we were doing science popularization a few years ago, and friends with code foundation can basically understand it at a glance)
secondary title
3. How secure can a password account be?
The emergence of password accounts is particularly important in today's era of "when you see 12 unfamiliar words and can't help but type them into your wallet".
Although all wallet vendors and KOLs in the industry are constantly popularizing science: mnemonics must be stored offline, there are still many ignorant users who will accidentally save mnemonics on cloud disks or mailboxes. After the hacker obtains the login permission of his cloud disk mailbox, he can easily transfer the assets on the mnemonic phrase. If you use a password account at this time, after the hacker recovers your account and finds that there are no assets, you will hide After a while.
To give another example, if your mnemonic is honestly copied in a small book, it can be stored offline. But one day, when you were not at home, Lao Wang next door came to your house as a guest (just to see your mnemonic, don’t think too much), he quietly took a photo of your mnemonic, and recovered it with his wallet After the mnemonic, I found that there is no asset in the account at all, and you will not have any (asset) loss except that he may call you a poor ghost.
There is also a little trick. After you enable the password account, you can also deposit a little coin in the ordinary mnemonic account corresponding to the 12 mnemonic words, which can be disguised as an "ordinary account", but in fact It is a "sentinel account" that monitors for you. If you find that the coins on the ordinary account are lost one day, it means that your mnemonic has been leaked. You can change a set of mnemonic, and then put the big The amount of assets transferred to the new password account is foolproof. In this scheme, the sentinel account can serve as an early warning for the security of mnemonics.
In short, keep the good password silently, and the password account hangs all fancy attacks.
secondary title
Connect the BITHD hardware wallet to the Bitpie APP, and start a password account in the BITHD settings.
*BITHD Shield & Blade both support password account function
secondary title
5. What should be paid attention to when using a password account?
1. The password and mnemonic must be kept well, both are indispensable.
2. Never back up the mnemonic and password of the password account together.
3. The password account supports 6-53-digit passwords (numbers, uppercase and lowercase letters, and some special characters). The password setting must not be too simple. Of course, if it is too complicated, it may be forgotten. Measure it yourself. I tend to use piepiezuishuai, which is good A password that you will never forget.
4. At present, in addition to BITHD, there are some wallets such as Trezor that support the recovery of password accounts. We will add a recovery entry in Bitpie later and open source [password account mnemonic + custom password converted to ordinary mnemonic Word] tools so that everyone can recover assets in password accounts faster under special circumstances.
5. Be sure to use the password account function in the open source wallet. It would be better if it is BITHD. After understanding the principles of password accounts, you should be able to understand why we have always emphasized that "open source" is a prerequisite for hardware wallets, because some traditional manufacturers often promote concepts such as "security chips", but in fact password accounts It has been able to perfectly solve the problem of physical attacks (that is, the theft of mnemonics), and it is logically unreasonable for the hardware wallet architecture to abandon the premise of open source just for this.
