2FA on a bitcoin wallet

[PostQuantumBTC]

I have only been using the TOTP that are six in number until I saw Cake wallet. The wallet has 8 TOTP which is 2 numbers more than the others that I have seen before.

If you want to proceed to enable the 2FA on the wallet, it will let you read that hackers may be able to know the TOTP which the authenticator is producing every 30 seconds, just to make sure that you protect your wallet very well, but its own is 8 numbers and it still give this warning.

If you have your 2FA on another device, also if the device the 2FA is always offline, is it true that hackers can still be able to know the 2FA? I think Cake is only referring to online 2FA. Can hackers be able to know the offline 2FA OTP?

The second question is that is 8 number TOTP more secure than 6 numbers?

I know that online wallets are not safe like offline wallets.

[Cookdata]

I have only been using the TOTP that are six in number until I saw Cake wallet. The wallet has 8 TOTP which is 2 numbers more than the others that I have seen before.

You know one thing about Authenticators, they change every 30 seconds. Even with 4 combinations of code, if the hacker doesn't have access to your secret key, it will be very difficult to guess 4 combinations under 30 seconds  unless maybe the hacker was able to tampered with the device where you kept the Authenticator.

If you want to proceed to enable the 2FA on the wallet, it will let you read that hackers may be able to know the TOTP which the authenticator is producing every 30 seconds, just to make sure that you protect your wallet very well, but its own is 8 numbers and it still give this warning.

This warning is normal in every security alerts. I'm not sure if you have tried to back up recovery phrase on your phone and you try to take a screenshot of the image, it stops you and give you warning. I have seen that in couple of software wallets I have tried to backup, that's just normal warning you getting.

If you have your 2FA on another device, also if the device the 2FA is always offline, is it true that hackers can still be able to know the 2FA? I think Cake is only referring to online 2FA. Can hackers be able to know the offline 2FA OTP?

The second question is that is 8 number TOTP more secure than 6 numbers?

I know that online wallets are not safe like offline wallets.

2FA doesn't need internet to work, they need just your phone to function to generate the digit number. So it's not possible for a hacker to have access to your secret key but some Authenticators encrypt your the password used to encrypt your backup on their server which you can access through login. Authy for example, with your mobile number and password even if you loss the phone where the authenticator is installed, you can retrieve it back again, they do say it's safe but who knows if there is a backdoor, if an hacker get hold of that, then game over.

[dkbit98]

I have only been using the TOTP that are six in number until I saw Cake wallet. The wallet has 8 TOTP which is 2 numbers more than the others that I have seen before.

I am using Cake wallet but I never saw option for 2FA in settings until now.
You should be just fine with regular PIN that has 4 numbers, since Cake should be used as hot wallet only, not for large amount of coins.
If you still want to use authenticatin and 2FA than I suggest reading dedicated page about that on Cake website:
https://docs.cakewallet.com/features/advanced/authentication/

The second question is that is 8 number TOTP more secure than 6 numbers?

Yes it does because it have significantly larger number of possible combinations.
But I don't think it really makes any difference for you.

[Charles-Tim]

I am using Cake wallet but I never saw option for 2FA in settings until now.
You should be just fine with regular PIN that has 4 numbers, since Cake should be used as hot wallet only, not for large amount of coins.

To set up 2FA on Cake wallet, no addictional cost and it is very easy to setup. I do not also recommend having high amount of money on such wallet but if 2FA can be used for making transactions on the wallet, it is not bad at all. Even if only small amount of money will be stored on it, not bad to use the 2FA if he knows that the device the 2FA is will be readily available if he wants to make transaction on the wallet.

If you want to see the seed phrase on the wallet but 2FA is enabled, the wallet will ask for password and the 2FA OTP before the seed phrase can be seen. Which means if someone around you know the wallet password, he can not access your seed phrase and he will also not be able to spend your coins.

[Hatchy]

I am using Cake wallet but I never saw option for 2FA in settings until now.
You should be just fine with regular PIN that has 4 numbers, since Cake should be used as hot wallet only, not for large amount of coins.

To set up 2FA on Cake wallet, no addictional cost and it is very easy to setup. I do not also recommend having high amount of money on such wallet but if 2FA can be used for making transactions on the wallet, it is not bad at all. Even if only small amount of money will be stored on it, not bad to use the 2FA if he knows that the device the 2FA is will be readily available if he wants to make transaction on the wallet.

If you want to see the seed phrase on the wallet but 2FA is enabled, the wallet will ask for password and the 2FA OTP before the seed phrase can be seen. Which means if someone around you know the wallet password, he can not access your seed phrase and he will also not be able to spend your coins.

He probably didn't know of the 2FA on cake wallet because he had no use of it. I've come across it several times but I don't usually see the use of setting up a 2FA on my wallet, when I can just save my seedphrase instead. For me cake wallet is just a mean for me to avoid those centralized exchanges high conversion fee between various altcoins. I don't really store coins on it. I simply use it to swap my coins when ever it's needed.

[Forsyth Jones]

If you want to proceed to enable the 2FA on the wallet, it will let you read that hackers may be able to know the TOTP which the authenticator is producing every 30 seconds, just to make sure that you protect your wallet very well, but its own is 8 numbers and it still give this warning.

If you have your 2FA on another device, also if the device the 2FA is always offline, is it true that hackers can still be able to know the 2FA? I think Cake is only referring to online 2FA. Can hackers be able to know the offline 2FA OTP?

I've never used Cake Wallet and I also didn't know it was possible to enable TOTP 2FA.

In summary, this warning is just to alert you that a hacker or malicious app could intercept your TOTP code. This possibility arises from the fact that you store the TOTP key backup on the same device. An account/app with TOTP 2FA only makes sense if you set up TOTP 2FA on another device, as this is essentially the second factor of authentication.

Think with me, whenever you enable TOTP 2FA on an account or app, a QR code or a set of hexadecimal characters is displayed. This is your TOTP key backup. In other words, if someone has access to this backup key, they can use it to restore it on any device and generate the same 6 or 8-digit codes that appear on the registered 2FA device.

It's recommended that you have a second device, mobile or desktop, to store your 2FA backup keys, and in this case, there are several applications recommended for this, avoid Google Authenticator, the Keepass password manager can be used to save your 2FA codes and passwords securely.