Feature - 2 Factor Authentication

moocowmoo said:
Authy knows nothing about what you have configured as 2fa tokens, is all encrypted client side like zerobin.
The phone number is for recovery when you need to migrate the encrypted database to a new device.
Authy supports TOTP (RFC 6238) tokens with the added convenience of recovering your keys if your phone or device is lost or damaged.
Click to expand...
It may be a fine system, and I certainly not qualified to critique it. My concern is if you can be identified with a device or public key you must trust to some extent those who can make that identification. For those living in "free" societies, with some measure of due process, things are fine for now. But I have seen changes take place very rapidly where freedoms and "protections" evaporate with astonishing ease.
 
InstantX is neat to me but not overly exciting. But THIS. If you pull protocol level 2FA off well, THIS would be amazing.
 
so we are going from being an electronic equivalent of cash to a much safer version of cash, yet retaining the same good qualities (fungible, anonymous, instant + protected!)
 
moocowmoo said:
Authy knows nothing about what you have configured as 2fa tokens, is all encrypted client side like zerobin.
The phone number is for recovery when you need to migrate the encrypted database to a new device.
Authy supports TOTP (RFC 6238) tokens with the added convenience of recovering your keys if your phone or device is lost or damaged.
Click to expand...

I would like to be able to make a screenshot of my 2FA qr code and zip it with password and store it in the cloud. Just like I do with FreeOTP or Google authenticator on many exchanges. Is this possible with Authy? Is Authy open source?
 
This is great for security...

Would it also be possible for somebody in this great community to create a Trezor for Darkcoin?

The code can be found here https://github.com/trezor/

Just an idea and a great business opportunity for somebody with the know-how and skills :)
 
Last edited by a moderator:
jpr said:
I would like to be able to make a screenshot of my 2FA qr code and zip it with password and store it in the cloud. Just like I do with FreeOTP or Google authenticator on many exchanges. Is this possible with Authy? Is Authy open source?
Click to expand...
No. Unfortunately Authy is closed source. And, probably fortunately, does not allow exporting 2FA keys once imported.
You'd need to make your screenshots at the time of import.
 
dazman said:
This is great for security...

Would it also be possible for somebody in this great community to create a Trezor for Darkcoin?

The code can be found here https://github.com/trezor/

Just an idea and a great business opportunity for somebody with the know-how and skills :)
Click to expand...

Modifying trezor's firmware to support darkcoin is trivial.
Getting that firmware to install on a trezor without enabling developer mode would require the cooperation of satoshilabs.
(Only they can generate a signature for the new firmware that a trezor will accept.)
Then mytrezor.com would have to be forked/updated.

But, I suspect that satoshilabs is going to implement BIP44 eventually. This would enable support for any coin type.
 
fernando said:
I think this can be done with multisigs. With a 2 of 2 multisig and the second signature in the phone, you'll always need to validate the transaction from the phone's wallet. The 'only' thing needed would be a way to link phone and computer wallets and let them communicate. Maybe a unique random identifier of the wallet that you introduce in the other wallet could tie them together? If that were feasible, one could send the other the public key of an address to generate the multisig. Then the send tab would need to be able to create a multisig transaction, sign it and send the data about the transaction (just a long text string) to the other wallet for signature.

Am I missing something?
Click to expand...

Exactly my thoughts. Maybe evan is referring to some advanced multisignature technology?
 
Probe said:
What will happen , If someone lose his 2FA. Like loosing the mobile phone or else ?
Click to expand...
We should be able to make a copy/screenshot of our 2fa key and keep it safe. If you loose your phone you can just import it to a new phone. That is what I always do with my 2fa keys.
 
what if you lost access to your f2a ? stolen mobile phone?
still haven't got the idea on how this is gonna be implemented, but those were my first 2 thoughts
 
jpr said:
We should be able to make a copy/screenshot of our 2fa key and keep it safe. If you loose your phone you can just import it to a new phone. That is what I always do with my 2fa keys.
Click to expand...

Uh so basically, same as storing a private key for a wallet somewhere safe?
 
teamer said:
Uh so basically, same as storing a private key for a wallet somewhere safe?
Click to expand...
Except you'll most likely not have to use it more than once a year, depending on the frequency with which you change or lose your mobile devices... still more convenient than paper wallets by an order of magnitude.
 
teamer said:
Uh so basically, same as storing a private key for a wallet somewhere safe?
Click to expand...
If someone steals your 2fa key he cannot do much with it. Unless he steals both, private key and 2fa :) you just double your safety with it.
 
moocowmoo said:
Modifying trezor's firmware to support darkcoin is trivial.
Getting that firmware to install on a trezor without enabling developer mode would require the cooperation of satoshilabs.
(Only they can generate a signature for the new firmware that a trezor will accept.)
Then mytrezor.com would have to be forked/updated.

But, I suspect that satoshilabs is going to implement BIP44 eventually. This would enable support for any coin type.
Click to expand...

That's interesting but I was thinking more along the lines of somebody creating a Trezor like device specifically for Darkcoin, which also includes the other features such as Darksend and iX...

I'm sure this would be pretty challenging but Darkcoin would certainly be holding all the cards if it become a reality :)
 
vertoe said:
Exactly my thoughts. Maybe evan is referring to some advanced multisignature technology?
Click to expand...
Great minds think alike :wink:

In fact, it may not even be so advanced. Armory already has implemented multisigs in the GUI and the involved wallets don't see most of what is happening beneath. Instead of a button with a cryptic 'create multisig' it would be a button with a much friendlier 'link with phone wallet', but the protocol would be the same.
 
Google-backed password-killer crosses major milestone

Today, the infrastructure behind that gadget is taking a big step forward. It's called FIDO (short for Fast Identification Online), and today the group is releasing the 1.0 version of its open standard. There had been earlier versions, like the one Google's USB key is based on, but this one is more efficient and more stable, providing a cryptographic backing for any service or authenticator device you want to plug in. As a result, life just got a lot easier for anyone who wants to make a phone with a fingerprint reader or an app that requires a fingerprint before it opens up.

So far there are just a handful of products built on FIDO — but with the new spec, that's about to change. Google's security key was one example, and another was Samsung's fingerprint reader, which could log you directly into the native PayPal app. (Samsung and PayPal were both early FIDO members.) But the company anticipates a flood of new phones and authenticator widgets now that the spec is complete. The iPhone's TouchID sensor will also work with the new spec, thanks to some clever coding by a software company called Nok Nok, which has built a program adapting Apple's now-open API to the FIDO protocols.

http://www.theverge.com/2014/12/9/7359535/google-backed-password-killer-crosses-major-milestone
 
Am trying to understand the proposal: We have Darkcoin, a decentralized currency, and proposal is to hook this up to a certain kind of centralized 2FA solution? Or is the proposal to build this feature into Darkcoin itself? If hooking up to a centralized 2FA solution, what does this do with anonymity? What if some party shuts down the centralized 2FA solution, we cannot transact using DRK anymore?
 
dutchn0mad said:
Am trying to understand the proposal: We have Darkcoin, a decentralized currency, and proposal is to hook this up to a certain kind of centralized 2FA solution? Or is the proposal to build this feature into Darkcoin itself? If hooking up to a centralized 2FA solution, what does this do with anonymity? What if some party shuts down the centralized 2FA solution, we cannot transact using DRK anymore?
Click to expand...
I think this is going to be built into darkcoin protocol. No centralization here :)
 
You must log in or register to reply here.
Back
Top