feat: don't allow Secret Key as password

app/crypto/validate-password.ts

@@ -1,3 +1,4 @@
+import { validateMnemonic } from 'bip39';
 import zxcvbn, { ZXCVBNResult, ZXCVBNScore } from 'zxcvbn';
 
 const truncateCpuDemandingPassword = (input: string) => input.substr(0, 100);
@@ -18,17 +19,21 @@ export interface ValidatedPassword extends ZXCVBNResult {
   meetsLengthRequirement: boolean;
   meetsScoreRequirement: boolean;
   meetsAllStrengthRequirements: boolean;
+  isMnemonicPhrase: boolean;
 }
 
 export function validatePassword(input: string): ValidatedPassword {
+  const isMnemonicPhrase = validateMnemonic(input);
   const password = input.length > 100 ? truncateCpuDemandingPassword(input) : input;
   const result = zxcvbn(password);
   const meetsScoreRequirement = hasHighestPasswordScore(result.score);
   const meetsLengthRequirement = hasSufficientLength(input);
-  const meetsAllStrengthRequirements = meetsScoreRequirement && meetsLengthRequirement;
+  const meetsAllStrengthRequirements =
+    meetsScoreRequirement && meetsLengthRequirement && !isMnemonicPhrase;
 
   return Object.freeze({
     ...result,
+    isMnemonicPhrase,
     meetsScoreRequirement,
     meetsLengthRequirement,
     meetsAllStrengthRequirements,

app/pages/onboarding/07-set-password/set-password.tsx

@@ -19,6 +19,9 @@ import {
 } from '@crypto/validate-password';
 
 const weakPasswordWarningMessage = (result: ValidatedPassword) => {
+  if (result.isMnemonicPhrase) {
+    return `Don't use your mnemonic Secret Key as your wallet password. This password is used to encrypt your Secret Key.`;
+  }
   if (result.feedback.suggestions.length > 0) {
     return `${result.feedback.suggestions.join(' ')}`;
   }
@@ -48,6 +51,7 @@ export const SetPassword: React.FC = () => {
     const pass = e.currentTarget.value;
     setPassword(pass);
     const result = validatePassword(pass);
+    if (result.isMnemonicPhrase) setHasSubmitted(true);
     setStrengthResult(result);
   };