What is a Quick Access URL?


#1

It is a specially crafted URL which allows you to avoid using the complex 12 word pass phrase when logging in to your Counterwallet.

It can be created in Counterwallet Settings (the gear wheel icon) or, in case of a new wallet, during the initial wallet setup procedure.

Example of the first of two steps taken on the Counterwallet Testnet is displayed below.


Lost my 12 words, but have quick access link, can I recover 12 words from there?
#2

When I open a quick link, does my browser send cp parameter and it’s value to Counterwallet server?


#3

No, it doesn’t send the pass phrase to the server.

I haven’t looked at the code but I think the way it works is when you access Quick Access URL, it downloads Counterwallet (wallet s/w) in the browser, asks you to enter the password, at which point the password is used to derive wallet pass phrase from the URL.
I think one risk is that the URL might be intercepted, and then the attacker could brute-force the password for Quick Access URL. Because the connection is encrypted with HTTPS, the attacker either needs to break that, or break into Counterwallet server, and then brute-force your password. But if the latter happened they’d probably let you download something else and not Counterwallet code. The 12 word pass phrase is also not secure from the latter attack, so although Quick Access URL seems less secure, neither can handle the issue of the server falling under an attacker’s control. I don’t know if there are Web wallets that solve this problem better, though.