Cspr click more secure. For example 2FA or pin code
under review
A
Aki Vähäsarja
cspr click lets the user log in to cspr.live without using any authentication method (ledger, 2FA, pin code, etc...) This feature stays on and cannot be cancelled. It is a security risk if cspr.live is used on another computer than your own (for example a one at your friend's place or a public PC).
Firstly: I would request a feature that clears off cspr click if one does not want to leave his/her account to a specific PC. Secondly: I would request some sort of a 2FA or pin code so that anyone else cannot see your balance/staking rewards without your permission.
Konrad Blutstein
under review
David Hernando
Hey Aki Vähäsarja, thanks a lot for your feedback. We've discussed this topic within the team and have added it to our roadmap. We'll work on a feature that addresses your concern in one of our next releases.
In the meantime, and this would be recommended for any application where you need to sign-in, use incognito windows when you're not in your usual PC.
A
Andy Sanderson
I agree with this... I previously posted this but for some reason it didn't work:
When signed out from cspr.click, the "Choose an account to sign in" menu item openly displays the Casper accounts that the extension already knows about, and when one is chosen, the "View account" option in the drop-down menu works to access full details of the account.
This is truly horrible if (for example) you are using a PC to which others have access and you don't want them to know your balance or rewards.
If cspr.click can not be re-worked with a function that deletes all account information (and I accept there may well be good reasons why not), then the very least that should be changed is that any access to the account list should be behind (for example) an optional PIN. 4 digits should be enough to prevent passers-by idly inspecting the contents of accounts.