Posted by Liraz Siri, on 03 Oct 2019
Yesterday I tried buying ETH through my Portis web wallet for the first time. Overall a good experience. Very streamlined and didn't take too long to get all the way through to having ETH in my wallet. But... could be even better. Scott mentioned this was the right place to post feedback so here it goes.
Possible security issue. Portis doesn't seem to be using a strong KDF to transform the wallet passphrase. This could make dictionary/bruteforce attacks on encrypted data stored on your servers much more feasible. Fine for low value wallets but maybe there should be an option to increase security for higher value wallets. Maybe take a look at warpwallet to see an example of a strong KDF function used to generate private keys.
UX issues off the top of my head:
1) Choosing the phone country code from the huge dropdown list was hard. A searchable widget would be nice.
2) It was generally unclear on the page where I was asked to provide my personal details what would be done with them. Crypto people will be slightly more concerned than the average lot about that sort of thing, since it could be used to launch SIM swap attacks against them and so forth. Things I was asking myself:
- why are they asking for my phone number?
- how will the data being collected be secured?
- is the data going to be saved locally or on Portis's servers?
3) The submit button stayed disabled until I filled in all of the fields. It was a bit frustrating to have to hunt down which field this was with no visual feedback on what was missing. If the submit button was not disabled maybe the form could provide feedback on what I was doing wrong.
4) Unclear when you click on buy that you need to select a card to continue. Nothing looks like a button and there's no prompt.
5) Web wallet UX doesn't look at home on a wide laptop screen. Looks like a converted mobile app running in emulation mode.
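
The kind of passphrase stretching the post points to, as an added example that is not part of the original post and is not Portis or WarpWallet code. It follows the scrypt-XOR-PBKDF2 construction that WarpWallet documents; the function names, the sample passphrase and salt, and the single-SHA-256 baseline are constructed for illustration.

```python
import hashlib
import time


def fast_hash_seed(passphrase: str, salt: str) -> bytes:
    """Weak baseline (constructed for comparison): one salted SHA-256 call."""
    return hashlib.sha256((salt + passphrase).encode("utf-8")).digest()


def derive_seed(passphrase: str, salt: str,
                scrypt_log2_n: int = 18, pbkdf2_iters: int = 2 ** 16) -> bytes:
    """Stretch a passphrase into a 32-byte seed, WarpWallet style.

    s1 = scrypt(passphrase||0x01, salt||0x01, N=2^18, r=8, p=1)
    s2 = PBKDF2-HMAC-SHA256(passphrase||0x02, salt||0x02, c=2^16)
    seed = s1 XOR s2, so an attacker must pay for both on every guess.
    """
    pw, sl = passphrase.encode("utf-8"), salt.encode("utf-8")
    n, r, p = 2 ** scrypt_log2_n, 8, 1
    s1 = hashlib.scrypt(pw + b"\x01", salt=sl + b"\x01", n=n, r=r, p=p,
                        maxmem=2 * 128 * n * r,  # scrypt needs ~128*N*r bytes
                        dklen=32)
    s2 = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", sl + b"\x02",
                             pbkdf2_iters, dklen=32)
    return bytes(a ^ b for a, b in zip(s1, s2))


def seconds_per_guess(fn, *args) -> float:
    """Wall-clock cost of one derivation, i.e. one offline guess."""
    start = time.perf_counter()
    fn(*args)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample inputs; the salt is a per-user value such as an e-mail.
    phrase, salt = "correct horse battery staple", "user@example.com"
    weak = seconds_per_guess(fast_hash_seed, phrase, salt)
    strong = seconds_per_guess(derive_seed, phrase, salt)  # uses ~256 MiB RAM
    print(f"single SHA-256 : {weak:.6f} s per guess")
    print(f"scrypt ^ PBKDF2: {strong:.3f} s per guess")
    print(f"work factor    : ~{strong / weak:,.0f}x per guess")
```
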