2FA Authentication is Necessary


#1

This is something which has irked me quite a bit lately. The ETN mobile/web wallet is extremely insecure. Why is there not integration with common 2FA methods, such as Google Authenticator for 6-digit One Time Passwords, or even better, the option for hardware-based security keys?

Especially hardware security keys, I want to stress. This is a solution which would increase the defense of a wallet from any kind of phishing attempt by orders of magnitude. This would fill that gap between a fairly insecure mobile wallet, and a paper wallet, by requiring a physical key to access your ETN.


#2

Hi Satsukeshi,

Many thanks for your post.

Largely, I agree with what you have said. However, let me look at the issue from another angle.

The current mobile/web app first uses a login and password and then a special PIN code to prevent unauthorised access. This is actually fairly common practice, as even quite a lot of banks are using the exact same system. Some of them are still happy with a client ID and password, but most of them now need a specific passphrase or letters from it. Together with the extra security checks which are performed in the background, they can prevent almost all unauthorised access attempts.

Electroneum implements the exact same features for their web and mobile wallet. For that reason, even though I originally agreed with your post, as the security aspect is extremely important, I feel that the current security measures taken by the Electroneum team are sufficient.


#3

If the team were to consider 2FA in future, I personally would prefer it be added to the phone app (i.e. when activated on an account, you must get a code from the ETN phone app to be able to log in to the website)… not Google Authenticator. That would make it much easier for users.


#4

Hi @Bugsy_Siegel, thanks for the reply!

Thinking a bit more about it, I can agree with you on those points. However, I still feel that it’s lacking, but perhaps that’s just from a personal standpoint.

One additional form of security I did think of, but forgot to mention earlier, would be biometric for mobile (and then 2FA for web, which can be tied to the mobile app, as @BegaMutex suggested). This I feel would actually be a decent compromise, which would leverage the existing biometric security features in many phones.


#5

It is extremely secure right now but would be a nice optional middle ground between usability and additional security if the team felt it was necessary.


#6

They have already talked about maybe using a fingerprint scanner, as it's fast and secure and more and more phones now have them.


#7

Yeah, I do agree; I hope ETN can include 2FA for their web login and fingerprint login from the phone for those who want quick login access to their phone ETN wallet.


#8

I think the fingerprint access would be awesome, as well as the 2FA. I’m sure down the line these could and would be implemented and activated on an opt-in basis. I find the current security sufficient, so I’m happy for them to do their thing, focus on priorities, and improve the project along the way.


#9

I can agree with this; I’d like to see them implement more security as the popularity (and value) increases, to reduce attack vectors. As is, it is likely to be sufficient for the average investor. I guess I’m looking for a nice middle ground between offline storage and the current mobile/web wallet.


#10

I share your views, and I would like to add that in matters of security, in trying to protect users’ funds, ETN should not make it too difficult to access funds as and when due. I had a terrible experience with Blockchain in the case of security. For months I could not access my bitcoin wallet simply because Blockchain wouldn’t send me the code by SMS. Once I was able to access that account, I immediately deactivated that feature. My point is that excessive security features would only inconvenience ETN users.