New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please, add the possibility to use Google Authenticator and/or Yubikey 2FA to secure transactions #292

Closed
Nogreedy opened this Issue Nov 21, 2016 · 7 comments

Comments

Projects
None yet
3 participants
@Nogreedy
Copy link

Nogreedy commented Nov 21, 2016

Please, add the possibility to use Google Authenticator and/or Yubikey 2FA to secure transactions
Thanks for your great app - website.

@Nogreedy

This comment has been minimized.

Copy link

Nogreedy commented Dec 26, 2016

@tayvano
Is it possible to add a label or comment please?
Thanks.

@Nogreedy

This comment has been minimized.

Copy link

Nogreedy commented Jan 5, 2017

@kvhnuke @tayvano
Is it possible for you to add a label or comment this issue please?
Thanks.
Happy new year.

@tayvano

This comment has been minimized.

Copy link
Contributor

tayvano commented Jan 6, 2017

As we have no servers, there is no way to add Google Authenticator or other 2FA providers.

The entire point of 2FA is to require a server to not give access unless 3 pieces of information are given: username, password, correct answer to 2fa challenge.

This is NOT how MyEtherWallet nor Ethereum works.

MyEtherWallet allows YOU via YOUR BROWSER to sign transactions with your private key and broadcast them to the network. The Ethereum network - the blockchain itself - takes the address associated with this transaction and "moves" the ETH from that address to the address you specify in the transaction. There are no servers involved.

The password only comes into play when decrypting an encrypted private key. Again, this password is not going to a server somewhere or the blockchain or anything. Your browser attempts to decrypt the file you give it with the password you also give it. If it works, it works and you have a private key and you can sign a transaction. If it doesn't, it assumes the password is wrong, and you don't have a key.

In order to activate 2FA, we would have to store your key on our servers. Even with 2FA, this is far LESS secure (not to mention, far more centralized) than our current method of never saving, storing, or transmitting your private key ever.

@tayvano tayvano closed this Jan 6, 2017

@Nogreedy

This comment has been minimized.

Copy link

Nogreedy commented Jan 6, 2017

@tayvano @kvhnuke
Thanks for your answer.
For your information, Electrum wallet (for Bitcoin of course) uses 2FA with multiSig
It uses an external service (TrustedCoin - paid service - costs 0.0005 BTC/transaction) and Google Authenticator
Bitcoins are stored at a 2-of-3 multisig address.
I know it's different way from how MyEtherWallet works but with MyEtherWallet, if you don't use Ledger Nanao S and if a computer is compromised with malware, an attacker would then be able to steal coins.
http://docs.electrum.org/en/latest/2fa.html
https://api.trustedcoin.com/#/electrum-help

@tayvano

This comment has been minimized.

Copy link
Contributor

tayvano commented Jan 6, 2017

Bitcoins are stored at a 2-of-3 multisig address.

And this is a very key difference. In this case, one of your private keys is stored on a server. You can only not have your keys compromised if you don't keep both keys on your computer. While this is great in theory, in reality using an online service to provide you with 2 keys means that both keys are on your internet-connected device at some point. So if the site is compromised at any point & your 2 keys are compromised upon generation, you're still fucked. And if you store both keys on your computer and your computer is compromised, you're still fucked. And if the server is compromised and one of your keys is compromised, again, you're fucked.

Ether.li attempted to do 2-of-3 multisigs and there are a number of problems today:

  1. Since they are a contract address, they require more gas to be sent with any transaction to that address, which a lot of exchanges still somehow haven't figure out how to do. They send with 21000 gas, the transaction fails, and people are confused.

  2. Even though its 2 of 3 so technically users should be able to get their funds out if that service disappears, people somehow don't get that. See numerous posts about people confused about how to access their ether.li funds.

  3. There are far less options for multisig right now than non-multisig. In fact, the only one is Mist.

  4. It costs money to start a multisig in Ethereum (for gas). Based on the 10+ emails/day from people who don't have any ETH and can't send tokens / withdraw from The DAO, it's not feasible to expect most people to be able to pay upfront to start this wallet.

Perhaps in the future when external services figure out how to estimate gas and the multisig and user ecosystem is more evolved, we will reconsider. At this point, there are about 10000 other things on our to-do list and this just isn't one of them. We have no interest in holding any keys or dealing with the myriad of security and support issues that come with it.

Even then, I would still recommend that an offline paper wallet + offline transactions or an dedicated device (Ledger) is going to be your safest & most decentralized option.

@Nogreedy

This comment has been minimized.

Copy link

Nogreedy commented Jan 6, 2017

@tayvano Thanks so much for your detailed and intelligent answer.

@GILLIARDFN

This comment has been minimized.

Copy link

GILLIARDFN commented Feb 13, 2018

TIVE 4 MIL US ROUBADO HOJE ESTA CARTEIRA É UMA PORCARIA

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment