|
Title: yubikey security Post by: Newton90 on November 22, 2020, 04:04:10 PM hello.can someone tell me if the any exchange is hacked, can yubikey (installed as 2fa to my account) prevent my funds from being withdrawn by attackers from the exchange's wallets?
Title: Re: yubikey security Post by: o_e_l_e_o on November 22, 2020, 04:08:54 PM If we are talking about a centralized exchange, then no, your Yubikey (or any 2FA for that matter) offers no protection if the exchange is hacked.
Using 2FA provides extra protection to someone hacking in to your individual account. If they compromise your email and password, they still can't log in to your account with your 2FA device or code. However, once you send coins a centralized exchange, they credit your account with the relevant amount and then sweep all the coins from your deposit address to their main hot wallets, where they are combined with the deposits from every other customer. This saves them greatly on fees when it comes to processing withdrawals, which are processed from this main hot wallet. Should the exchange itself be hacked and the attacker gain access to the hot wallet, then they can empty all the funds from it, regardless of which account deposited them or what 2FA protections those accounts are or are not using. Title: Re: yubikey security Post by: Asuspawer09 on November 22, 2020, 04:18:49 PM I don't have experience when it comes to Yubikey, but as far as I know, this kind of hardware 2FA authentication is great and recommended when it comes to security.
You cannot log-in to your account or pass the 2FA authentication without the YubiKey hardware so it's just a layer of protection, I mean people have a positive review and we still don't know if the hardware could be bypass. But if the hardware works perfectly it's great for security since it could avoid even if they could spoof your IP or clone browser they still cannot open your account since they don't have this hardware. Title: Re: yubikey security Post by: khaled0111 on November 22, 2020, 07:00:27 PM ... As o_e_l_e_o explained above, yubikey will simply prevent the hacker from accessing your account if your login and password get compromised.However, nor yubikey nor any any other 2fa app (google auth, authy..) will help in case the hacker gets access to the exchange's hot/cold wallets private keys. Still, since it's a hardware device and the attacker will need a physical access to it then I assume it's more secure compared to other apps. |