Bitcoin Forum

Is it better to receive a code via text?

Or is it safer to receive said code via the Google authenticator app?

Am I correct in believing that an email would be the least secure of the three?

Thanks.

I use the text option where it is available and Google authenticator where the text doesn't work, I think the text option is the safest, but when it comes to hacking anything can be hacked but I still believe hacking someone's phone to steal a code would be really difficult. And yes, email would be the least secure option.

The nice thing about text is even if phone is lost you are able get a new phone and receive it.

This is possible with authy to. It has a cloud based (encrypted ofc) back up option.

I don't think authy is safe as it keeps your data online. Route for either Google Authenticator or sms. Even Google Authenticator is unsafe because it stores data on the phone so try to use spare phone that will never go online and keep the phone in a secure place.

I agree with you that email 2FA is the worst for 2 reasons.
1. If you have a malware on your pc, it is likely all your accounts including your email will get hacked.
2. You will need to be very careful separating real 2FA emails and phishing emails.

Other than email, the others are all good IMO. :)

Yes, not all 2FA methods offer the same security. The idea is to harden security, it's more difficult than only one identification method but by no means uncrackable.

I use Authy also but may have found a glitch. I have 2 phone both with btc wallets and both with authy as 2fa, if you enter the code from 1 phone into the other that your opening your wallet on most times it works, try it.

This is correct. Text messages are probably the most secure way of 2FA as it will take very advanced technology to be able to intercept a SMS message to a phone and when you use this technology you would likely be committing very serious crimes, much more serious then simply stealing someone's account or bitcoin.

Authy is not open source and is essentially controlled by google. It will essentially be as secure as your google account.

You are correct to say that email is probably the least secure method of 2FA, however a company can potentially strengthen it by requiring email 2FA + some security question

I also recommend Authy to use, seems pretty safe and easy to use.

Thanks for all your input guys.

Appreciate it.

I guess I'll stick with the SMS authorization.

That is how is supposed to work since authy gives yout the option for multiple devices.

One thing not yet mentioned in this thread is the difference between per-transaction 2FA and logon-only 2FA.

Logon-only 2FA (such as supported by Blockchain.info) helps protect against password brute-forcing attacks. Unfortunately, it does practically nothing to help protect against malware.

Per-transaction 2FA (such as supported by GreenAddress.it and BitGo.com) means that each transaction that sends bitcoin out of your wallet must use a new 2FA code. This type of 2FA offers very effective protection against malware (although it's not necessarily perfect).

You should keep all this in mind when weighing your wallet options.

Just realised that authy has a desktop app...

Best method to keep your BTC safe, in my opinion, is to keep it in cold storage.

Only leave enough online for buying coffee and lunch.

Keep seperate paper wallets, with small amounts, you can sweep, when you need more in your online wallets.

In my view distribution of coins in many wallets, decrease the risk of losing them all in one hack. ^Smile^

I personally think a text is the most secure and an email is the least. Your email can easily be hacked into, whereas your phone number is pretty safe.

True, but 2FA isn't limited to only bitcoin storage. It is applicable to online banking, email, dropbox and in the future your bitcointalk account. :)

Complicated username that you don't use for other websites
Kind of complicated password that you don't use for other websites
Google F2A
Virus protected computer

authy is best app for 2fa ..Recently a pc version has also been introduced..check the official website

anyone knows which one use for google 2FA?
android phone or google mail that used in android?
i changed my OS/ROM for my android phone, and didn't see my site lists which use google 2FA :(
ccan i recover it using my gmail that i used before in my android phone?

For me the best way is the Google authenticator app, its really more safe.

The safest form of 2FA is probably using text messages to your phone. Email can get hacked, but your mobile phone is always with you (well, except it gets stolen, then you have bigger problems to worry about).

The safest one is by SMS, but it's not the best if you worry about privacy and doesn't want to give your phone number to strangers.