This repository has been archived by the owner on Nov 21, 2019. It is now read-only.

Please, add the possibility to use Google Authenticator and/or Yubikey 2FA to secure transactions #292

Closed
Nogreedy opened this issue Nov 21, 2016 · 22 comments

Comments

@Nogreedy

Please, add the possibility to use Google Authenticator and/or Yubikey 2FA to secure transactions
Thanks for your great app - website.

@Nogreedy
Author

Nogreedy commented Dec 26, 2016

@tayvano
Is it possible to add a label or comment please?
Thanks.

@Nogreedy
Author

Nogreedy commented Jan 5, 2017

@kvhnuke @tayvano
Is it possible for you to add a label or comment on this issue please?
Thanks.
Happy new year.

@tayvano
Contributor

tayvano commented Jan 6, 2017

As we have no servers, there is no way to add Google Authenticator or other 2FA providers.

The entire point of 2FA is to require a server to not give access unless 3 pieces of information are given: username, password, correct answer to 2fa challenge.

This is NOT how MyEtherWallet nor Ethereum works.

MyEtherWallet allows YOU via YOUR BROWSER to sign transactions with your private key and broadcast them to the network. The Ethereum network - the blockchain itself - takes the address associated with this transaction and "moves" the ETH from that address to the address you specify in the transaction. There are no servers involved.

The password only comes into play when decrypting an encrypted private key. Again, this password is not going to a server somewhere or the blockchain or anything. Your browser attempts to decrypt the file you give it with the password you also give it. If it works, it works and you have a private key and you can sign a transaction. If it doesn't, it assumes the password is wrong, and you don't have a key.

In order to activate 2FA, we would have to store your key on our servers. Even with 2FA, this is far LESS secure (not to mention, far more centralized) than our current method of never saving, storing, or transmitting your private key ever.

@tayvano tayvano closed this as completed Jan 6, 2017
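
The local decryption step described in the comment above, as an added example (not MyEtherWallet's code and not part of the original thread): the password check is a MAC comparison done entirely on the user's machine, so no party exists that could withhold the key until a one-time code is supplied. Assumptions: the layout is modeled on the Ethereum keystore scheme, SHA3-256 stands in for Keccak-256, the scrypt cost is reduced, and all function names and sample values are hypothetical.

```javascript
// Added illustration: keystore-style encryption and purely local decryption.
const crypto = require('crypto');

// Assumed parameters for this sketch; scrypt cost kept small so it runs fast.
const KDF = { N: 1 << 12, r: 8, p: 1, keyLen: 32 };

function deriveKey(password, salt) {
  return crypto.scryptSync(Buffer.from(password, 'utf8'), salt, KDF.keyLen,
    { N: KDF.N, r: KDF.r, p: KDF.p });
}

// MAC over (second half of derived key || ciphertext). SHA3-256 is a stand-in
// for the Keccak-256 used by real Ethereum keystores (not in Node's crypto).
function mac(derived, ciphertext) {
  return crypto.createHash('sha3-256')
    .update(Buffer.concat([derived.subarray(16, 32), ciphertext])).digest();
}

function encryptKey(privateKey, password) {
  const salt = crypto.randomBytes(32);
  const iv = crypto.randomBytes(16);
  const derived = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-128-ctr', derived.subarray(0, 16), iv);
  const ciphertext = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { salt, iv, ciphertext, mac: mac(derived, ciphertext) };
}

// Returns the private key, or null when the MAC does not match (wrong
// password or altered file). The only inputs are the file and the password:
// nothing is sent anywhere, so nothing can enforce a second factor here.
function decryptKey(file, password) {
  const derived = deriveKey(password, file.salt);
  if (!crypto.timingSafeEqual(mac(derived, file.ciphertext), file.mac)) return null;
  const d = crypto.createDecipheriv('aes-128-ctr', derived.subarray(0, 16), file.iv);
  return Buffer.concat([d.update(file.ciphertext), d.final()]);
}

// Constructed sample key and password, for demonstration only.
const sampleKey = Buffer.alloc(32, 0x11);
const sampleFile = encryptKey(sampleKey, 'correct horse');
```
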
@Nogreedy
Author

Nogreedy commented Jan 6, 2017

@tayvano @kvhnuke
Thanks for your answer.
For your information, Electrum wallet (for Bitcoin of course) uses 2FA with multiSig.
It uses an external service (TrustedCoin - paid service - costs 0.0005 BTC/transaction) and Google Authenticator.
Bitcoins are stored at a 2-of-3 multisig address.
I know it's a different way from how MyEtherWallet works but with MyEtherWallet, if you don't use Ledger Nano S and if a computer is compromised with malware, an attacker would then be able to steal coins.
http://docs.electrum.org/en/latest/2fa.html
https://api.trustedcoin.com/#/electrum-help

@tayvano
Contributor

tayvano commented Jan 6, 2017

> Bitcoins are stored at a 2-of-3 multisig address.

And this is a very key difference. In this case, one of your private keys is stored on a server. You can only not have your keys compromised if you don't keep both keys on your computer. While this is great in theory, in reality using an online service to provide you with 2 keys means that both keys are on your internet-connected device at some point. So if the site is compromised at any point & your 2 keys are compromised upon generation, you're still fucked. And if you store both keys on your computer and your computer is compromised, you're still fucked. And if the server is compromised and one of your keys is compromised, again, you're fucked.

Ether.li attempted to do 2-of-3 multisigs and there are a number of problems today:

  1. Since they are a contract address, they require more gas to be sent with any transaction to that address, which a lot of exchanges still somehow haven't figured out how to do. They send with 21000 gas, the transaction fails, and people are confused.

  2. Even though it's 2 of 3 so technically users should be able to get their funds out if that service disappears, people somehow don't get that. See numerous posts about people confused about how to access their ether.li funds.

  3. There are far fewer options for multisig right now than non-multisig. In fact, the only one is Mist.

  4. It costs money to start a multisig in Ethereum (for gas). Based on the 10+ emails/day from people who don't have any ETH and can't send tokens / withdraw from The DAO, it's not feasible to expect most people to be able to pay upfront to start this wallet.

Perhaps in the future when external services figure out how to estimate gas and the multisig and user ecosystem is more evolved, we will reconsider. At this point, there are about 10000 other things on our to-do list and this just isn't one of them. We have no interest in holding any keys or dealing with the myriad of security and support issues that come with it.

Even then, I would still recommend that an offline paper wallet + offline transactions or a dedicated device (Ledger) is going to be your safest & most decentralized option.

@Nogreedy
Author

Nogreedy commented Jan 6, 2017

@tayvano Thanks so much for your detailed and intelligent answer.

@GILLIARDFN

I HAD 4 THOUSAND USD STOLEN TODAY, THIS WALLET IS GARBAGE
