Key management and security have been on our minds a lot lately at SDF. There is always the potential for bad actors to appear when dealing with value of any sort, and blockchain is no exception. So how do we improve the users’ experience on Stellar while keeping their secret keys safe?
One of the earliest tools we built at SDF was the Stellar Account Viewer (AV) – a simple Web application that, as the name suggests, allows you to view your account on the Stellar network. You can check your lumen (XLM) balance and payment history, as well as send XLM and share your Stellar address to receive payments. When the AV was built in 2015, it was meant to serve as a supplemental tool for bridging the old and new network. Over time, more and more people started using it as the primary means to create new accounts and make simple payments. The Account Viewer is now one of the most popular network interfaces, in part because it's so simple and streamlined.
However, a lot has changed in the Stellar ecosystem since AV first launched. Stellar core has undergone multiple protocol upgrades, Horizon is more efficient, hardware wallets like Ledger have a handful of new features, and there’s an rapidly increasing number of improvements being pushed to Stellar SDKs. On top of all of this, there’s much broader industry-wide knowledge for basic security requirements for users. With this understanding — and the increasing number of users visiting the Account Viewer each week — we’ve decided to redesign this application.
Today we’re excited to introduce a future-forward AV for 2021 and beyond.
We’ve implemented changes to AV designed to improve security and user experience. AV now has a stronger focus on hardware wallets, like Ledger and Trezor, and browser wallets, like Albedo and Freighter (brand new! see below!), so you can easily log in without pasting your raw secret key. We’ve also added messages to raise your awareness of potential risks, and tips to help you keep your account safe.
The AV experience was less than ideal on mobile, but now features a new design and fully responsive layout. No matter what screen or browser you’re on, the layout and font will adjust to its size.
AV is also more modular and easier to keep up-to-date on network standards. It’s now built using React and remains open-source. We leverage wallet-sdk helper methods to make it easier and more consistent to handle signing in and sending XLM. Viewing transaction details is also more convenient now thanks to a StellarExpert integration.
In addition to a new Account Viewer, we also just released Freighter, a new browser wallet that stores your keys locally, encrypted in a browser extension. Integrating Freighter into Stellar-powered apps means developers can spend more time focusing on their product, and users can securely interact with these apps without needing a hardware wallet or revealing secret keys.
Freighter is currently supported by Account Viewer, Stellar Laboratory, and StellarTerm. We have plans to expand compatibility with other platforms in the future.
You may have already seen Albedo, another great browser wallet, around the Stellar ecosystem. Although both are unique takes on browser-based wallets, Albedo and Freighter appeal to different user groups and use cases. Albedo functions as a pop-up web app and doesn’t require an extension to use, which makes it perfect for a variety of more technically heavy use-cases. Freighter features the familiar functionality of popular wallet extensions like Metamask, helping to bridge the gap for new Stellar users. We’re excited to foster an ecosystem where both products can be supported by Stellar-based applications.
The Stellar Account Viewer is now live, as is Freighter!
As always, please be on guard for potential scams. You can bookmark this URL so you can always check the link is correct before connecting. Reading our 3-part series on key management will also familiarize yourself with the importance of keeping your secret key safe:
If you have an idea for a feature or have found a bug, please file an issue on GitHub. If you can fix a bug, even better! PRs are much appreciated!
Subscribe to the monthly roundup