How safe is 2 factor authorization for Darkcoin users?

[r-ando]

Good day,

I was thinking about this, doesn't 2 factor authorization actually in many ways make you less secure?

A simple line of reasoning is that access to your funds becomes dependent on access to your cell phone.
This also makes you dependent on your cell phone provider. This also creates a situation where if security is not proper, trusted or up to date on the cell phone (old software, tracking, hacking, etc.), then your means of payment could be compromised, your phone could get wet or break and you are left effectively fundless until you can sort out your cell phone problems, for example replace it at the store (which usually takes funds by the way...) You can't change the settings on your funds access because that requires 2 factor authorization too. This also obviously means if someone takes your phone away from you physically or from a distance , especially someone working with the cell phone provider, could effectively shut you off from your funds forever if they so choose, especially when you move in and out of exchanges and online wallets. (If a safe internet existed where you could basically never get hacked because no data is collected so you can't get identified and found, then 2 factor authorization's apparent benefit would also be redundant, I know we are not quite there yet) As I currently understand 2 factor authorization is actually fundamentally flawed in that sense and can be used a tool for eventual control over people by control of their access to their funds. In my opinion, this should be examined.

Could this possibly be redeveloped in a way where it wouldn't be dependent on the cell phone and other means could be used if the cell phone was unavailable? Thank you for any input on this.

 

[stonehedge]

I have to admit that it does freak me out about what I'd do if I lost my phone. Google Authenticator needs a backup option.

 

[stonehedge]

A backup that I control rather than a backup to the NSA that is...

 

[jpr]

I keep all the 2FA keys backups If I loose my phone I can just use them, don't see a problem here.

 

[r-ando]

quote from valentino007: ''Just buy a small simple pre pay smartphone only for using 2FA,thats how i do it,no crap can be instaled because i dont use it to browse the internet.

''


That makes sense for avoiding linking your identity with your wallet or account, however I'm not sure that completely solves all potential problems. I would probably have gotten a non smart phone in case things are already installed on it too, is there a reason you would go for a smart phone? What happens if that phone gets damaged. Also, is it true they deactivate pre pay phones after a period of non activity, so you would have to make sure to actively maintain the phone... what I mean by this is in an extreme case, if you go into a coma for 2 years and come back to find out your pre pay phone was your only access to your funds it could send you right back into the coma...

Having a little fun, but I think its an interesting discussion thanks for the advice.

 

[r-ando]

I keep all the 2FA keys backups If I loose my phone I can just use them, don't see a problem here.

This seems wise.

 

[nj47]

Good day,

I was thinking about this, doesn't 2 factor authorization actually in many ways make you less secure?

A simple line of reasoning is that access to your funds becomes dependent on access to your cell phone.
This also makes you dependent on your cell phone provider. This also creates a situation where if security is not proper, trusted or up to date on the cell phone (old software, tracking, hacking, etc.), then your means of payment could be compromised, your phone could get wet or break and you are left effectively fundless until you can sort out your cell phone problems, for example replace it at the store (which usually takes funds by the way...) You can't change the settings on your funds access because that requires 2 factor authorization too. This also obviously means if someone takes your phone away from you physically or from a distance , especially someone working with the cell phone provider, could effectively shut you off from your funds forever if they so choose, especially when you move in and out of exchanges and online wallets. (If a safe internet existed where you could basically never get hacked because no data is collected so you can't get identified and found, then 2 factor authorization's apparent benefit would also be redundant, I know we are not quite there yet) As I currently understand 2 factor authorization is actually fundamentally flawed in that sense and can be used a tool for eventual control over people by control of their access to their funds. In my opinion, this should be examined.

Could this possibly be redeveloped in a way where it wouldn't be dependent on the cell phone and other means could be used if the cell phone was unavailable? Thank you for any input on this.

You don't quite understand the technology being used.

1.) Where is 2FA being applied to your funds? It was added to the forums, not the wallet.

2.) 2FA actually is 99% incompatible with a bitcoin wallet. Only the most incompetent developer would even consider adding it the *coin-qt wallet due to what would be required. It goes against the entire decentralized nature of cryptocurrency. It requires a centralized authority which if ever went down would prevent users from access to their wallet.

Ignoring #2:
3.) You are not dependent on your cell phone provider at all. Google authenticator is just an app on your phone. Your provider has no access to it or your private data from it.
3a.) None of the things you mentioned about proper security on your phone are relevant. Google authenticator is just as secure on Android 2.0.0 as it is on 4.4.3. Old has nothing to do with it. With the way android (and iphone) operating system is built, the chances a hacker could get access to your 2fa info is virtually impossible.

4.) If someone is physically separating you from your phone for nefarious purposes, you losing access is the least of your concerns.

5.) Neither your cell phone provider or anybody working with them could shut you off from your funds. Authenticator does not rely on the internet. It works by having a secret token on the client which is used to algorithmically generate a time-determined code. This code you then enter on the provider you're trying to access (be that your gmail, mintpal. or whatever account you use it on) and that server checks if the code you provide matches what your secret token should have generated. You don't need the authenticator app to do that, it is just a simple "wrapper" which stores your secret token and runs the algorithm to turn it into the time-based code.

> "As I currently understand 2 factor authorization is actually fundamentally flawed in that sense..."

Hopefully I've explained that it is your understanding which is fundamentally flawed not 2 factor authorization!

> Could this possibly be redeveloped in a way where it wouldn't be dependent on the cell phone and other means could be used if the cell phone was unavailable?

Yes and no. The entire point of 2FA is kind of defeated if there is a way to get around it without having the second factor. There are MANY workarounds to this though - just look at how most prominent sites have 2fa deployed. One common example is to generate a one-time use token which is provided to the user when they enable 2fa which can be used in the event you don't have your phone.

A backup that I control rather than a backup to the NSA that is...

If you want it to be a backup that you can 100% guarantee only you control, the only feasible option is for you to write down the key itself as jpr mentioned. Though hopefully you can keep this secure from attack, whether that be someone trying to steal your accounts, or worse, natural disaster, fire, etc.

But if we're being reasonable, I highly recommend you look into the app authy. It will do that for you. It encrypts the data with your password before sending it to them, so they never have access to your data. It works with any website that uses google authenticator.

That being said, http://xkcd.com/538/ . Being concerned about the NSA having access to your 2FA is very misguided. If you're one of their targets, they don't need your 2fa info to get into your accounts. 2FA fundamentally can provide any security against the NSA because 2FA depends on the centralized service in question to hold the key anyway. And given give them your key or go to jail, 10 out of 10 CEOs are going to give up your key.

quote from valentino007: ''Just buy a small simple pre pay smartphone only for using 2FA,thats how i do it,no crap can be instaled because i dont use it to browse the internet.

''


That makes sense for avoiding linking your identity with your wallet or account, however I'm not sure that completely solves all potential problems. I would probably have gotten a non smart phone in case things are already installed on it too, is there a reason you would go for a smart phone? What happens if that phone gets damaged. Also, is it true they deactivate pre pay phones after a period of non activity, so you would have to make sure to actively maintain the phone... what I mean by this is in an extreme case, if you go into a coma for 2 years and come back to find out your pre pay phone was your only access to your funds it could send you right back into the coma...

Having a little fun, but I think its an interesting discussion thanks for the advice.

As I previously mentioned, virtually none of that is applicable.

You are not linking an account to your identity by using 2FA. If someone had knowledge of the key used for 2FA and had access to your phone, then yes, that would be evidence it was your account. But if they have both your account and phone already, you're fucked anyways and that link is of no importance to them.

Damaged phone = yep, backups your codes!

Deactivated = Doesn't matter, doesn't need network. And if it did you could still use wifi without paid service. No need to maintain a phone plan!

 

[vertoe]

That being said, http://xkcd.com/538/ . Being concerned about the NSA having access to your 2FA is very misguided. If you're one of their targets, they don't need your 2fa info to get into your accounts. 2FA fundamentally can provide any security against the NSA because 2FA depends on the centralized service in question to hold the key anyway. And given give them your key or go to jail, 10 out of 10 CEOs are going to give up your key.

Glad, I live in a country where I dont need to go to jail if I dont hand out keys.

 

[nj47]

Glad, I live in a country where I dont need to go to jail if I dont hand out keys.

This is slightly pedantic because I don't think your sentiment was exactly about that specific action and more about what I'll refer to as "the-NSA-in-general", but there isn't anyone in the united states in jail for not providing their encryption key either.

I'm really curious where you live that as a business you would not be guilty of something like "interfering with a criminal investigation" for not giving a 2fa key of a user. But moreover as I mentioned in my post, 2FA keys are of absolutely no value to the nsa as they offer no protection against them. If they wanted access to something you have secured with a 2FA key, they would go to the source, the provider of your account, for access. 2FA does nothing about that.

2FA is very good at one thing - protecting the user from themselves. And it does an incredible job at that, because against what many people would like to believe, your biggest security threat is not the NSA, or hackers. It is you.

Getting a keylogger 99.99999% of the time is because you did something stupid.

Sure, a decade ago there were drive by exploits that you could be victim of doing absolutely everything right, but that no longer is the case.

The 0.00001% remaining is a skilled hacker targeted you, used a combination of exploits - at least one of which an unreleased zero day on some vulnerable piece of technology you used (so not only do they happen to have a private zero day exploit against a given piece of technology, it also is the one you are using, a super rare combo), was able to hijack your dns server queries and then as a result waited until the next time you downloaded a runnable file on a non-ssl connection and was able to download it first, attach an undetectable RAT to it, and route that modified file to you as well as fake the md5 file hash because you are doing absolutely everything right in terms of security and so you verify the md5 file hash of anything you download. Better hope the site you want a file from actually posts the hash because if they don't it means you can't download that file... And I'm not just talking about executable files. As a programmer you better be inspecting line by line every single library you use, because any one of them could have a nasty surprise in them. And I'm not just talking about compiled languages, python, node.js, etc. They both have an eval() function equivalent, so by using any library, you are letting the authors run any arbitrary code they want in your terminal. But I'm sure you always examine every line of every library you use!

Alright that has gotten ridiculous enough, but that is exactly my point and how is it related to 2fa?

Maintaining 100% security in a practical matter is impossible (I'd suggest it's not even hypothetically possible, but that's irrelevant to this discussion). If you believe otherwise you are lying to yourself. But by using 2fa you can contain the damage of an attack. A keylogger could get your name and password, but without your 2fa code, they no longer have unfettered access to your account, even though they have compromised your login credentials.

So in the end, 2FA is a very important and super-effective tool to use to improve your security. But knowing what it actually does is very important. It is not a password, it does not protect you from vulnerabilities from the account provider, it only protects you from yourself and what you have caused. But because you are going going to be at fault 99% of the time, it is an incredible tool.

 

[darkstrike420]

2FA is Not as Secure As you think it is.

I think I have said enough in this thread. 2FA is useless. It was originally planned just to link your account to your phone number so you can be tracked at any time up to 10m precision.

 

[nj47]

2FA is Not as Secure As you think it is.

I think I have said enough in this thread. 2FA is useless. It was originally planned just to link your account to your phone number so you can be tracked at any time up to 10m precision.

Please read my post again.

You are correct that 2FA does not protect you from the NSA. That also is not the point of 2fa or why you would use it.

So it is incredibly useful for its actual purpose.

2FA also does not link an account to a phone number, and you can easily prove that to yourself with a tool such as wireshark monitoring exactly where your phone is connecting.

Scenario: You want to add 2fa to your mintpal account. Mintpal generates a random key, they store it on theirserver, and when you enter it into google authenticator it is saved in your phone. That key then is used when you want to login. You will use the key saved on your phone and a specified algorithm (RFC: http://tools.ietf.org/html/rfc6238) then turns it into a code which you enter on mintpal. Mintpal will do the same thing on their end, take the shared secret key, generate the code based on the current time, and if they match, you are given access.

At no point during the process does mintpal get any information about you. They do not get your phone number, or anything.

Additionally, unless it is by your own doing, the key does not leave your phone and it most certainly does not track you at "10m precision."

You do not have to take my word for it, use wireshark or a similar tool and watch your network. If the data left your phone it would show it. It absolutley does not.


Moreover: The 2FA protocol is not dependent on cell phones! you could do it all on a piece of paper if you wanted to!

 

[darkstrike420]

Please read my post again.
2FA also does not link an account to a phone number, and you can easily prove that to yourself with a tool such as wireshark monitoring exactly where your phone is connecting.

LOL dude. How does Google servers know where to send SMS to? Because they keep your phone number in database in another row next to your username and md5(password).

Brain->Enable();

pls.

 

[stonehedge]

Just for the record I was only joking about the NSA bit. I'm just worried about the fact that if I lose my phone I have 15+ 2FA accounts set up on my phone and no reliable way to get back into all of those accounts.

 

[nj47]

LOL dude. How does Google servers know where to send SMS to? Because they keep your phone number in database in another row next to your username and md5(password).

Brain->Enable();

pls.

Google has nothing to do with your SMS messages and they absolutely are not on a google server.

SMS messages are sent over your cell phone service provider's network, google is not a cell phone service provider. Verizon and AT&T are cell phone service providers.

I don't know if you're a troll or you seriously suffer Dunning-Kruger effect, and fundamentally do not have any understanding of the technology you're talking about, but what you are saying is just flat out wrong and not how the technology works.

You can watch where every bit of data that leaves your phone goes and what data is going there. Android is open source, you can verify that it does not do what you are saying yourself. You can choose to turn your brain on and actually read what I'm saying or you can continue to live in your world of delusion, which ironically quite likely makes you more less secure from the nsa because you refuse to learn how these technologies actually function.

 

[darkstrike420]

Google has nothing to do with your SMS messages and they absolutely are not on a google server.

SMS messages are sent over your cell phone service provider's network, google is not a cell phone service provider. Verizon and AT&T are cell phone service providers.

I don't know if you're a troll or you seriously suffer Dunning-Kruger effect, and fundamentally do not have any understanding of the technology you're talking about, but what you are saying is just flat out wrong and not how the technology works.

You can watch where every bit of data that leaves your phone goes and what data is going there. Android is open source, you can verify that it does not do what you are saying yourself. You can choose to turn your brain on and actually read what I'm saying or you can continue to live in your world of delusion, which ironically quite likely makes you more less secure from the nsa because you refuse to learn how these technologies actually function.

Long text to insult me, 10/10 would read again.

Here is how it would work.

When you login on Google, it asks for message that was sent to your phone. In the background, Google sends a GET request to 2fa.php?phone=your_phone number and returns the sent message to google. 2FA sends SMS to your phone with the generated text that was returned to google.

How do you know this is not the implementation? Is Google Gmail open-source? No its not.

Edit: Before you use Wireshark excuse, you should know that you can't monitor the traffic that happens between 2FA and Google servers but only You <-> Destination and in this case its you <-> Google.

 

[nj47]

Long text to insult me, 10/10 would read again.
When you login on Google, it asks for message that was sent to your phone. In the background, Google sends a GET request to 2fa.php?phone=your_phone number and returns the sent message to google. 2FA sends SMS to your phone with the generated text that was returned to google.

How do you know this is not the implementation? Is Google Gmail open-source? No its not.

"10/10 would read again."
- I wish you would have read it the first time because if you had you'd know what you are describing makes no sense.

"2FA sends SMS to your phone with the generated text that was returned to google."
- This 2FA protocol has nothing to do with SMS.

Gmail doesn't need to be open source for me to know I don't get a text message when I use 2FA to login.

In fact I don't even use my cell phone for 2FA. I wrote a javascript library which uses the TOTP algorithm which I having running on a raspberry pi with the output going to an lcd display to handle my 2FA keys. So how I know what you are describing is not the implementation? Because this open source protocol is one I have experience not only using but I also have experience programming for. I have built and implemented it myself on a platform lacking internet access. And if I import the key into google authenticator, it returns the same code. So please, enlighten me, how does my raspberry pi compute the same code as my cell phone for a given key? The only logical answer is because the 2FA protocol is being used exactly as described in the spec - a deterministic mathematical algorithm which uses the current time and a shared secret.

 

[darkstrike420]

- This 2FA protocol has nothing to do with SMS.

Then why does Google/Verizon/At&t whatever the fuck it is send you a SMS with data to enter for successful login on your Gmail account?

 

[vertoe]

nj47 and darkstrike420, please tone it down a bit. I suggest both of you take a deep breath and a day off in the sun

 

[nj47]

Then why does Google/Verizon/At&t whatever the fuck it is send you a SMS with data to enter for successful login on your Gmail account?

I'm not at all familiar with what you are referring to. I do not get an SMS message for my 2FA with gmail. I didn't know gmail even offered that method of SMS.

Namecheap, on the other hand, it the only company I do business with that uses that method for 2FA.

But that method is not google authenticator nor it It related to google authenticator.


So fine, in that case google absolutely can link your cell phone to your account. But you are using that method by choice -- google does not force you to use it, and given I didn't even know they offered it, they seem to encourage users to use the protocol I was speaking about, which has nothing to do with text messaging.

 

[r-ando]

Very interesting, thank you for your feedback on this. So different members of the community have some different perceptions and opinions on this, hopefully this will be cleared up with time, but a recurring theme definitely seems to be to make multiple backups!