Allow user to skip recovery phrase backup and entry to dashboard, but force backup before generating an address

[Phyloiota]

Description

The finalising of profile creation should only be possible if: 1.) pw and pin created and 2.) 24 words have been noted and checked by the software that they are remembered correctly and 3.) backup of the stronghold has been downloaded

• only then profile creation should process and open firefly

Motivation

security

without backup of the file users may loose access to funds

Requirements

check routine that all 3 conditions are fullfilled

Open questions (optional)

Use this section to ask any questions that are related to the feature.

Are you planning to do it yourself in a pull request?

no

[rafaeldjpbrochado]

This is way too much onboarding friction for the average user. When you register an account on an exchange, they don't force you to setup 2FA and all kinds of other security right away. You can use the exchange with just a regular email and password, but they add big red warnings on top of their website saying your security is very poor, and they won't let you do certain actions until you improve your security.

When you click on those warnings (after you're already logged in and all settled), you're taken to a security page, where you find out that it's recommended you setup 2FA and all kinds of other security phrases. At that point, you may or may not choose to do it, depending on what actions you'll be doing. It's up to you. If you don't have any funds or personal information on your account, it doesn't really matter whether you have 2FA enabled or not. The same principle applies to Firefly.

Firefly should have a very similar onboarding experience for users who are creating new accounts:

1. Setup a profile name
2. Setup a password
3. Setup a 6-digit PIN

And that's it.

Then, when you click on the "Receive Funds" button which is on the homepage, the app should check:

• Has the user ever downloaded a Stronghold backup of this account in the past?
• Has the user ever been presented with their mnemonic seed?

If the answer to both is yes, simply display an address as it works currently in v0.1.0.

If the answer to either is no, the app should say something along the lines of:

In order to receive funds, your account first needs a receiving address. Addresses are unique identifiers which you can share with other users so they can send you funds. To generate a receiving address on your account, you must first download a Stronghold backup and save a copy of your mnemonic seed.

Explain what Stronghold backups and mnemonic seeds are, and why it's important that you save them both before you gain access to a receiving address. Use flashy but simple animations and non-technical terms.

In summary:
The onboarding experience should be simple and quick. Less than 20 seconds. After I am inside the app, if I want to perform certain actions (e.g. receive funds) I should be forced to backup my seed and so on.

@cvarley100

[rafaeldjpbrochado]

Furthermore, if Firefly in the future gains new modules for things like decentralized exchanges, colored token marketplaces, and so on, users should be able to create new accounts and access & browse through all that without ever being prompted to download a Stronghold backup or a mnemonic seed. Their Stronghold backup and mnemonic seed only become relevant when the users decide to actually buy stuff.

[cvarley100]

Definitely more important on mobile, but we will consider it.