First and foremost, we are an open source project in which development is publicly managed via our GitHub using the following branching model: http://nvie.com/posts/a-successful-git-branching-model. We place very high value on security, therefore we are constantly expanding our code test suite and have a rigorous peer-review system. The test coverage is constantly being improved.
The Lisk network is both decentralized and trustless. That means no single individual is in direct control. The network is secured by 101 democratically elected delegates whose primary responsibility is to confirm and broadcast the validity of transactions by including them in generated blocks. All Lisk accounts on the network are eligible to vote for delegates registered on the Lisk Blockchain network and therefore they are the controlling instance.
Much of the trust in Lisk comes from the fact that it requires no trust at all. Lisk is fully open-source and decentralized. This means that everyone has access to the entire source code at any time. Developers around the world are free to inspect and verify exactly how Lisk works. All transactions can be transparently audited in real-time by anyone. All payments can be made without reliance on a third party and the whole system is protected by heavily peer-reviewed cryptographic algorithms like those used for online banking.
Lisk has never been hacked nor are we aware of any active hacking attempts, besides DDoS attacks. There have been a number of bugs occurring on the network, which were fixed immediately. All occurred due to rare edge cases within the network.
Lisk uses brain wallets to create accounts and let users access them. That means your account has one passphrase which let you access it. If someone else is typing in the exact same passphrase, they will gain access to your account. Your passphrase needs to be very long and secure to make it mathematically improbable that someone else will accidentally or willingly use the same one. Please note, if you lose access to your first passphrase you won't be able to recover your money.
When someone sends you LSK, they will use the address in order to do so. Since the address is an abbreviation of the public key, it is less resistant to a collision than the public key is. As soon as you make an outgoing transaction, your public key can be recorded on the blockchain and therefore will be collision-free. In other words, making at least one outgoing transaction from your wallet will even further improve the security of your LSK address.
If Lisk Nano is not accepting your passphrase and you cannot login to your account, this is likely due to the passphrase being written incorrectly. In order to make sure the passphrase is correct follow these steps:
- Download the latest version of Lisk Nano.
- Make sure your passphrase has exactly twelve words with exactly one space between each two words, so 11 spaces in total.
- Verify your twelve words by going through the Mnemonic BIP39 Word List. All of the words should be listed exactly as in the list.
- Make sure that there are no extra spaces before or after the twelve word passphrase, or any hidden characters anywhere in it.
- Copy the passphrase from the URL and paste into Lisk Nano.
- If this does not work, reinstall Lisk Nano and try again.
Due to the immutability of the Lisk Blockchain there is no innate solution to resetting a passphrase. In the event of losing your passphrase, you will lose access to your Lisk account and all the funds in it. Please make sure to keep your passphrase very safe!
The second passphrase is an additional security layer. Every account can have a second passphrase which needs to be entered whenever you make a transaction. If you store the second passphrase on another device or on a piece of paper, it is similar to a two-factor-authentication. Please note, if you lose access to your second passphrase you won't be able to recover your money.
Multi-signature groups consist of the group owner and up to 15 subordinates, that means a total of 16 (N) accounts. The subordinates need to confirm every transaction from the group owner's account. Every multi-signature group can specify how many (M) confirmations they need. If not enough confirmations are collected, the transaction will not be sent. With the given parameters you also speak about a M of N multi-signature group.