Metamask-extension: Why do you need to create a new password when adding a new browser?

Created on 27 Sep 2018 · 7Comments · Source: MetaMask/metamask-extension

Describe the bug
When "restoring" a wallet to add Metamask to another browser, it asks to create a new password.
There's a lot of UX problems here. One: I don't need to "restore" anything. I just need Metamask to work on more than one computer and more than one Browser (Gods Unchained breaks on Brave, for example).
It doesn't seem like it should be necessary to create a new password each time you add Metamask on a new device.
A) it adds a lot of friction to users
B) it's just a new login. It's not a restoration (which implies something was lost)

To Reproduce
Get Metamask set up on one site then go to set it up on another.

Expected behavior
Let me input my seed phrase and my existing password.

Browser details (please complete the following information):
First browser: Brave.
Browsers requesting new passwords: Chrome and Firefox.

I had Metmask running on multiple browsers on older PCs but something has changed since I got this new one and now I can only log in on one.

design feedback

Source

BradyDale

Most helpful comment

I definitely understand all of this. I'm telling you that you need to communicate this differently to users.
"New password" is the wrong way to put it.
"Restore" is also not the right way to describe it.

BradyDale on 27 Sep 2018

👍2

All 7 comments

hey @BradyDale - your MetaMask password doesn't work the same way as most passwords you're used to.

In most log-in flows (Gmail, for example), your password is sent to a server, checked against the password on record for your account, and if they match, you're allowed in. This is a simplification, but the principle stands.

In MetaMask, we don't store any of your secrets on our servers. We don't even have servers! Instead, your seed phrase has the ability to generate your private key, no matter what browser you enter it into, using an algorithm called BIP-39. The password is simply used to encrypt your MetaMask data locally, in your browser, so things like your private key aren't stored in plaintext.

This means your password never leaves the browser you've installed MetaMask on. It means you could have the same seed phrase on two different browsers, with a different password in each browser! It also means we can't help you reset your account, recover your password, or recover your seed phrase.

Hope this makes sense.

@JSON-LEE13 @rdymac we should probably get something to this effect up in the support center to save some time. I'd also love if we did a little more explaining about the purpose of the password during onboarding.

bdresser on 27 Sep 2018

👍1

BradyDale on 27 Sep 2018

👍2

duly noted. I agree! thanks for the feedback

bdresser on 27 Sep 2018

couldn't agree more, which is why i'm here reading this thread, and I'm a web designer who is pretty tech savvy, how are 'regular' people supposed to figure this out?

Also your answer above @bdresser doesn't say if you can just use the same password on all browsers, but I'm assuming you could, it's just used as an encryption key for the pass phrase right?

the UI in this case should be the same as what people are use to, -enter your password- or create a new password right?

condensed-io on 24 Jan 2019

actually just say 'make a new password' -or- 'import your current password'

when someone clicks on import they have to put in their seed phrase and current password

condensed-io on 24 Jan 2019

Could simply be solved with @bdresser 's comment above on the new browser setup screen. Then change the text "New Password" to something like "New password for this browser"

eervin123 on 27 Aug 2020

Also your answer above @bdresser doesn't say if you can just use the same password on all browsers, but I'm assuming you could, it's just used as an encryption key for the pass phrase right?

You totally can, yes

BradyDale on 27 Aug 2020

Was this page helpful?

0 / 5 - 0 ratings