This is something which has irked me quite a bit lately. The ETN mobile/web wallet is extremely insecure. Why is there not integration with common 2FA methods, such as Google Authenticator for 6-digit One Time Passwords, or even better, have the option for hardware based security keys?
Especially hardware security keys, I want to stress. This is a solution which would increase the defense of a wallet from any kind of phishing attempt by orders of magnitude. This would fill that gap between a fairly insecure mobile wallet, and a paper wallet, by requiring a physical key to access your ETN.
Largely, I agree with what you have said. However, let me look at the issue from another angle.
Current mobile / Web app uses first login and password and then a special pin code to prevent unauthorised access. This is actually fairly common practice as even quite a lot of banks are using the exact system, some of them are still happy with client ID and password, but most of them now need a specific passphrase or letters from it. Together with the extra security checks which are performed on the background they can prevent almost all unauthorised access attempts.
Electroneum implement the exact same features for their Web and mobile wallet. For that reason even though I have originally agreed with your post as the security aspect is extremely important, I feel that the current security measures done by the electroneum team are sufficient enough.
Thinking a bit more about it, I can agree with you on those points. However, I still feel that it’s lacking, but perhaps that’s just from a personal standpoint.
One additional form of security I did think of, but forgot to mention earlier, would be biometric for mobile (and then 2FA for web, which can be tied to the mobile app, as @BegaMutex suggested). This I feel would actually be a decent compromise, which would leverage the existing biometric security features in many phones.
yea i do agree that i hope etn can include 2FA for their web login and finger print login from phone for those who wan quick login access to their phone etn wallet .
I think the fingerprint access would be awesome, as well as the 2FA. I’m sure down the line these could and would be implemented and activated on an opt-in bases. I find the current security sufficient, so I’m happy for them to do their thing, focus on priorities, and improve the project along the way.
I can agree with this; I’d like to see them implement more security as the popularity (and value) increases, to reduce attack vectors. As is, it is likely to be sufficient for the average investor. I guess I’m looking for a nice middle ground between offline storage and the current mobile/web wallet.
I share your views and i would like to add that in matters of security ,trying to protect users funds ,ETN should not make it too difficult to access funds as at when due.I had a terrible experience with Blockchain in the case of security.For months i could not access my bitcoin wallet simply because Blockchain won’t send me the code by sms.Once i was able to access that account i immediately deactivated that feature.My point is excessive security features would only inconvenience ETN users
