When you first sign into Portabella on a computer you'll be prompted to enter a password to lock your account.
This should not be the same password / mnemonic you used to register.
Portabella works by encrypting everything in your browser before it's sent to our servers. To do this your browser (in LocalStorage to be specific) contains your private key to:
- sign requests (certifying it's you doing an operation)
- decrypt your project specific keys.
One big security risk however to storing this private key is that anyone with access to your computer would be able to steal it. If you left your computer unattended or even if you're sharing a desktop login between friends it would be at risk.
To mitigate this we allow the option to encrypt your local private key with a password. This prevents anyone from swiping your private key when you're not looking.
You'll need to provide this password everytime you resume your Portabella session or refresh the page.
If you are certain your computer will never be compromised (for example your desktop computer at home that only you have access to), you can feel free to use Portabella without locking your local account.