Creating an account

Past weeks I have been plugging Nimiq to family and friends - as I really like the browser based approach, layout and simplicity. There are some things however I have experienced, and received as feedback.

While I understand the approach, registering the wallet can be an annoyance for hasty people. I want to quickly setup the wallet, but I am forced to write down 24 words, divided over 3 pages. I feel the result is counter-productive: people are taking 3 screenshots - afterwards these screenshots are synced to various cloud services, resulting in compromised wallets. It’s like forcing a password change upon users, after which they will use Welcome!2 instead of Welcome!1 and stick it on a note to not forget it: it’s actually less secure for many users.

My suggestion would be a ‘I understand the importance of the phrase, but I will skip this and use a copy-paste’. After which you can use copy paste to insert it directly into your keepass or equivalent app.

First of all, great that you joined and welcome to the forum!
Secondly, really cool that you are showing Nimiq around to your friends and family!

Going on topic, I really agree from a UX point of view that writing down your 24 words for every new wallet is not a great thing. Not only for hasty people, but for everyone. Chances even are that you write a word incorrect or not in the correct order. Also if people make photos that are connected with cloud syncing services, they make themselves vulnerable to hijacking.

But there is being worked on solutions. The first part that will reduce the amount of 24 words you have to write down is Hierarchical Deterministic wallets. This feature is already in the Nimiq Testnet (link). Basically what this feature is, is that with only one private key, you can generate infinite amount of wallets. So you have to store only one private key and add as many wallets to it as you want.

Of course with HD wallets, you are stuck with the 24 words. And on that is also being worked on: Nimiq Login files (link). Rather than writing down your 24 words, you download a PNG file with encrypted version of your 24 words. Removing the hassle of writing your words, and replace it with just a photo. These Login files are even more safe than your plain text 24 words because they are encrypted with the password you choose when setting up your wallet in the Nimiq Safe. So without the password, the image is worthless. The Login files will have a QR code so you can scan them if you want to import them. But you can also import the Login file from you file system on your computer. The Login files will also support the HD feature so with only one Login file, you can manage more wallets.

Why nimiq don‘t use google Authenticator? Is it possible?

Of course this would be possible but this would completely defy the idea of being the sole owner of your funds and keys. Google Authenticator is a piece of software that lets you easily identify yourself at other services. If you successfully identify yourself with the Google Authenticator app, access to your private key will be granted by the holder of you keys. This means that either Team Nimiq (which they NEVER will) or another third-party services has to store your private key(s) somewhere. This is definitely not the desired model as proved by history with hacks where services, like exchanges, hold your keys/funds.

The answer from @Stefan is really complete but I will double down on it to say that the user flow for account creation will be drastically improved with the next update of the Safe.

Try this https://hub.nimiq-testnet.com/onboard ! --> Soon on mainnet…

There is also the option to create a brain wallet instead.

This is exactly what I was looking for. This makes it more user friendly and more secure at the same time!