Request for Multiple-Step Verification on Bitcoin Sites

[BinaryMage]

With the numerous recent hacking incidents on Bitcoin-related sites, most notably Mt. Gox, I think we need to step up our game in terms of account security. While the break-in at Mt. Gox could probably have been prevented, it nonetheless stands to reason that something like it will happen again, and maybe with more devastating and less reversible consequences. We need a better security system for our accounts.

Bitcoin is a currency, and we need to get used to that. Many online banks, stock trading services, and such have multiple-step verification processes, where you must enter a password and a code, whether is changed every thirty seconds and stored on a small dongle, in the case of E-Trade, or sent to you mobile phone, in the case of Gmail. With a system such as this, the financial accounts of Bitcoin users would be much more secure.

Mt. Gox, Tradehill, BitcoinMarket, and the like, this is a message for you. Your users want security, and we're willing to give up a bit of convenience for it. Systems like Gmail's are not hard to implement, and are much more secure than a simple password. Bitcoin is not a toy currency, not a simple experiment for fun.  Bitcoin is worth real money, and we need to protect it as such.

[BCEmporium]

At the current value, Bitcoin needs a totally different infrastructure. Separated secure lines and checks along the way to prevent fraud, matrix cards to issue transactions, a bank-like (not Google-like) security system.
Actually those services, like Google, Yahoo, Hotmail, Facebook have a real weak spot for social attackers: The password retrieval system. For someone knowing you may not be hard to gain access by reseting your password.

[proudhon]

With the numerous recent hacking incidents on Bitcoin-related sites, most notably Mt. Gox, I think we need to step up our game in terms of account security. While the break-in at Mt. Gox could probably have been prevented, it nonetheless stands to reason that something like it will happen again, and maybe with more devastating and less reversible consequences. We need a better security system for our accounts.

Bitcoin is a currency, and we need to get used to that. Many online banks, stock trading services, and such have multiple-step verification processes, where you must enter a password and a code, whether is changed every thirty seconds and stored on a small dongle, in the case of E-Trade, or sent to you mobile phone, in the case of Gmail. With a system such as this, the financial accounts of Bitcoin users would be much more secure.

Mt. Gox, Tradehill, BitcoinMarket, and the like, this is a message for you. Your users want security, and we're willing to give up a bit of convenience for it. Systems like Gmail's are not hard to implement, and are much more secure than a simple password. Bitcoin is not a toy currency, not a simple experiment for fun.  Bitcoin is worth real money, and we need to protect it as such.

Bump!

[BinaryMage]

What do you all think? Are multiple-step verifications a good idea, or do you think they're not worth the hassle? Do you think that Bitcoin's basic infrastructure is secure enough?

[TonyHoyle]

OTP tokens are cheap (about $8), or you can use mobile phones these days, the code to implement them is opensource... it would be a good idea to at least have them as an option.

[ErgoOne]

I concur that 2-factor authentication is a good idea, but there are a couple of problems.  First, RSA SecureID keys (the "dongles" that an earlier poster mentioned) have been compromised recently.  It's all over the news, and network security forums and mailing lists.  I would not trust RSA as a factor until they've figured out what happened, how it happened, and taken measures to prevent a reoccurrence.  Cell phones via text messages also have an issue -- some of us block texting on our phones because of spam.  In the US, we pay per message sent OR RECEIVED.  Verizon Wireless (the least nasty/best quality of the major US cell carriers) will credit your account with 10 cents when they remove a text spam, but they won't reverse the "hit" on your messaging allowance and you have to call them and wade through their phone tree EVERY FRICKING TIME YOU GET SPAMMED. :/  IMHO we need something better than either of these things for 2-factor authentication to be ready for prime time.

2-factor authentication also doesn't fix the real issue: not taking Bitcoin seriously enough. Any site that manages trading in Bitcoins (rather than using bitcoins as currency to trade in something else), conversion between bitcoins and other kinds of currency, or that hosts bitcoin wallets (accounts) needs to be AT LEAST AS SECURE as a bank or other financial institution web site.  I'm a technical writer who works for a company that provides security for bank web sites and other web sites that handle highly sensitive private information.  Most of these web sites have undergone multiple security audits, are carefully and professionally coded by software engineers who know how to block injected SQL from web forms, cross-site scripts, and cross-site request forgeries.  They also sit behind sophisticated firewalls that look for and block these sorts of things. 

None of this means that they can't be compromised; malware with a keylogger can still steal your logon and password credentials.  However, the last time I heard of a bank site that had its entire user list with encrypted passwords stolen was years ago.  Even the recent Citibank theft wasn't a compromise of this type or magnitude.

Mt. Gox simply wasn't up to the standard needed for a bank, payment processor, or any institution whose primary purpose is handling other people's money.  I'm not saying this lightly or to yell at Mt. Gox.  Frankly, I think that they were no more guilty of treating bitcoin security cavalierly than the people who wrote the local wallet program that I use.  (Otherwise, the wallet would be encrypted by the program.)  Further, they notified their users and are doing the right thing now.  I wish them luck rebuilding on a better security foundation this time.  I'm also not convinced that other web sites used for Bitcoin trading don't have similar flaws. :/  So I will move *very* slowly and carefully when I start trading.

[BinaryMage]

I concur that 2-factor authentication is a good idea, but there are a couple of problems.  First, RSA SecureID keys (the "dongles" that an earlier poster mentioned) have been compromised recently.  It's all over the news, and network security forums and mailing lists.  I would not trust RSA as a factor until they've figured out what happened, how it happened, and taken measures to prevent a reoccurrence.  Cell phones via text messages also have an issue -- some of us block texting on our phones because of spam.  In the US, we pay per message sent OR RECEIVED.  Verizon Wireless (the least nasty/best quality of the major US cell carriers) will credit your account with 10 cents when they remove a text spam, but they won't reverse the "hit" on your messaging allowance and you have to call them and wade through their phone tree EVERY FRICKING TIME YOU GET SPAMMED. :/  IMHO we need something better than either of these things for 2-factor authentication to be ready for prime time.

2-factor authentication also doesn't fix the real issue: not taking Bitcoin seriously enough. Any site that manages trading in Bitcoins (rather than using bitcoins as currency to trade in something else), conversion between bitcoins and other kinds of currency, or that hosts bitcoin wallets (accounts) needs to be AT LEAST AS SECURE as a bank or other financial institution web site.  I'm a technical writer who works for a company that provides security for bank web sites and other web sites that handle highly sensitive private information.  Most of these web sites have undergone multiple security audits, are carefully and professionally coded by software engineers who know how to block injected SQL from web forms, cross-site scripts, and cross-site request forgeries.  They also sit behind sophisticated firewalls that look for and block these sorts of things. 

None of this means that they can't be compromised; malware with a keylogger can still steal your logon and password credentials.  However, the last time I heard of a bank site that had its entire user list with encrypted passwords stolen was years ago.  Even the recent Citibank theft wasn't a compromise of this type or magnitude.

Mt. Gox simply wasn't up to the standard needed for a bank, payment processor, or any institution whose primary purpose is handling other people's money.  I'm not saying this lightly or to yell at Mt. Gox.  Frankly, I think that they were no more guilty of treating bitcoin security cavalierly than the people who wrote the local wallet program that I use.  (Otherwise, the wallet would be encrypted by the program.)  Further, they notified their users and are doing the right thing now.  I wish them luck rebuilding on a better security foundation this time.  I'm also not convinced that other web sites used for Bitcoin trading don't have similar flaws. :/  So I will move *very* slowly and carefully when I start trading.

Fair point. You're probably right, the core of the problem is that Bitcoin isn't taken seriously enough, and I agree that that is what really needs to be resolved. I just hope that multiple-step verification could serve as a stepping stone to get some easily implemented security fast, and then the good Bitcoin websites should get their penetration testing and the like done.

I didn't know about the RSA key break-in; I don't use one myself, but that certainly seems to detract from the stability of that idea. One other way to provide a verification code is a mobile app, which won't cost anything except data if you pay for it, which even so would be minimal. I think that people just want a more secure Bitcoin market now, and maybe this could help.