On the latest version (current develop branch), password confirmation is not required when creating an account. This should probably be fixed.
What do you mean by password confirmation? We don't have an "Enter the password again" field. This can be seen in many applications these days. The user should back up the seed phrase, with which he can import the account again if he forgets the password.
Yes, I'm talking about entering the password again. It's not about preventing the user from forgetting the password, it's just a way to limit typos.
You are right, but I think for most users it would be a hassle. Let's hear other opinions as well. @cosmos/cosmos-ui
If they wrote down the seed words, they can recover it that way if there was a typo in the password. Although maybe we should be forcing them to prove they really wrote it down.
I strongly believe in having users confirm passwords: it isn't an unnecessary point of friction for an end-user, especially if it acts as a check that cuts down on access issues due to typos.
Security UI/UX is overwhelmingly important to get right around authentication, so having a confirmation is a good way to help us plan for when users make mistakes or do things with our software that we did not intend or that don't follow best practices (i.e., failing to write down a seed phrase or store it somewhere safely).
Although maybe we should be forcing them to prove they really wrote it down.
Interesting idea! @jessysaurusrex what do you think about this?
Re: confirming password - I guess we might as well. Could save a lot of people a headache.
It's an interesting idea, but I cannot see a feasible way to accurately measure or enforce this security behavior in a way that provides a benefit and does not introduce myriad problems on our end. At some point, security is a shared responsibility: we can (and should) encourage people to do the right thing, and we should make it easy to do. We can make use of UI to do so in other places and in other ways.
But how do we get proof from the user in a way that doesn't feel like we're being bossy parents to the people who have invested in our work? Do we ask them to click through a check box saying that they've written something down, or serve a security warning that is more likely to be ignored than heeded? Do we ask someone to submit proof of writing it down by taking a picture of their password (a behavior we never want users to engage in) which is something that we can't quite verify or validate easily on our end?
tl;dr I think the confirmation box is sufficient. :)