It’s definitely a bold choice… I love the sentiment, but I can’t see how this will possibly be good for MyCrypto, since even those of us who appreciate what they are doing are also not thrilled about the impact to usability. Wrt the website, MyCrypto hasn’t differentiated themselves enough from MEW to really give users a good reason to stick with MC over MEW, which I think is unfortunate. Perhaps the real issue here is with timing, and once MC has a bigger reach they can start making the Apple-like innovations.
I can definitely see this leading to an exodus (lol) from MC back to MEW and other wallets, which both defeats the purpose of removing PK access and also subjects users to the arguably less secure MEW/other services. I say arguably less secure just because of the differences in quality of the codebases between MEW and MC.
This decision doesn’t increase current security; it just removes less secure features that are already standard in the industry. Perhaps the better choice is to sacrifice something other than usability to achieve better security, all while adding features. It’s completely anti-MyCrypto philosophy, but maybe adding 2FA to PK access methods is a better way to go for both the company and community? I think this would mean centralizing aspects of MC, as well as compromising anonymity to an extent, but it does increase security across the community more so than everyone just switching to MEW. This also differentiates the desktop app from the website even more, hopefully encouraging more people to use it instead of any website (which is one of the best outcomes possible).
Another thing I’m concerned about is how this decision will ultimately increase the dependency on MetaMask. There’s a surprisingly large number of people using hardware wallets (not sure how popular the Parity Signer is), but for those who aren’t, they are left with only one way to access their funds and it’s through a product that the MyCrypto team has very little control over.
What happens if a vulnerability is found in MetaMask? What happens if the app page gets compromised and everyone with MM now has a malicious program installed? From a security standpoint, browser plugins are one of the worst offenders for wide-spread attacks, and they can impact even those with good security practices.
MetaMask is/was already a huge privacy problem, and encouraging people to use it is a double-edged sword IMO. I’d rather it be a more optional choice for those wanting to use MC.
Perhaps another thing to consider is a MyCrypto “login” plugin that is separate from MM? I imagine it could be quite small and secure, and removing all the Web3 stuff would make me rest just a tiny bit easier.