Bittensor Wallet Extension - No Password/PIN Authentication Security Issue #587
Description
Issue Summary
The Bittensor wallet extension (v2.0.2) does not require password/PIN authentication when opened, creating a security vulnerability for users with significant TAO holdings.
Environment
- Browser: Chrome
- Extension Version: 2.0.2
- Network: Finney (mainnet)
- Operating System: Windows
Current Behavior
- Wallet opens immediately without any authentication
- No password/PIN prompt even in incognito mode
- No visible security settings in the wallet interface
- Extension remains unlocked indefinitely
Expected Behavior
- Wallet should require password/PIN authentication on startup
- Should have security settings to enable/configure authentication
- Should auto-lock after a period of inactivity
- Should require authentication after browser restart
Security Concern
I have 25+ TAO in my wallet (significant holdings), and the lack of authentication poses a serious security risk if someone gains access to my computer.
Steps to Reproduce
- Install Bittensor wallet extension v2.0.2
- Set up wallet with seed phrase
- Close browser completely
- Reopen browser and click wallet extension
- Wallet opens immediately without authentication
Additional Information
- Unable to find any lock/security options in wallet settings
- Checked all menu options and settings pages
- Issue persists across different browser sessions
Request
Please add password/PIN authentication feature or provide guidance on how to enable existing security features if they exist.