Bitcoin Wallet Security

[Blawpaw]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

[Amph]

i was thinking about that for a while, Core can come with a login and password instead of creating a passphrase for your wallet plus 2fa google authenticator

so in the event that your computer is compromised you still have the google protection

[oblivi]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Blockchain.info uses 2FA, even tho it's not a proper local blockchain based Bitcoin wallet. Im actually surprised I can't think of any software based Bitcoin wallet that has 2FA. There must be a reason for it. Maybe liking your phone to your wallet compromises privacy??

[Blawpaw]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Blockchain.info uses 2FA, even tho it's not a proper local blockchain based Bitcoin wallet. Im actually surprised I can't think of any software based Bitcoin wallet that has 2FA. There must be a reason for it. Maybe liking your phone to your wallet compromises privacy??

Yes, it seems that this type of security for desktop wallets is underdeveloped...
The developer or company who decide to design and put to work this type of product will surelly have a lot of profit!

So, if you are a Developer, this is a good project for you to think about!

[Argwai96]

Keep in mind that some times computers are compromise via remote access to hackers so if you happen to have your f2a in your computer then that would help you at all, there is quite a good amount of options after that if your a security focus bitcoin user.

the wallet could have a cell phone mobile security step or a biometric verification before sending any funds.

[Towlie]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.

Yes, they need 2-factor possibly even three. People often complain about blockchain.info but if you have 2-factor and second password set up your coins are likely more safe than if they were just on your desktop.

[ikydesu]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Electrum 2.0

You need make your device clean for make security is more secure: https://bitcointalk.org/index.php?topic=203876.0

[Blawpaw]

Keep in mind that some times computers are compromise via remote access to hackers so if you happen to have your f2a in your computer then that would help you at all, there is quite a good amount of options after that if your a security focus bitcoin user.

the wallet could have a cell phone mobile security step or a biometric verification before sending any funds.

Well now that you mention... where can I find that options? 2fa For a Desktop wallets I ain't heard about it yet! What I heard was about a company that could provide API access to their 2fa app. This could well be developed for any interested company.

[pooya87]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

the newer versions of Electrum has the option to enable two factor authentication. you can check out the Electrum wiki page for more information here:
http://electrum.orain.org/wiki/Two-factor_authentication

it is a service provided by TrustedCoin, it is with a remote server acting to co-sign transactions, adding another level of security in the event of your computer being compromised.

you also have your seed to restore your wallet in case you didn't have access to TrustedCoin for any reason.

[Ingatqhvq]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

2FA is not the solution. How to keep your private key offline is the key.
                                                                                               

[Herbert2020]

there are ways to secure your wallet and bitcoin other than using 2fa.
like using the cold-storage which has many different ways to it.
from paper wallets to creating offline wallets on your pc.

[Blazr]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Yes you can do that. If we just simply added 2FA to the wallet software that would be no good, it would be very simple to bypass. You need use multisig, a service like greenaddress holds one of the private keys for your multisig wallet and co-signs each transaction after you auth with them using 2FA. Electrum already has plugins for various services that do this.

The security of 2FA is often over-hyped and many people are using it as a sort of catch-all security measure which is insanely stupid. Instead of using strong passwords and good security practices, many people just turn on 2FA and assume they are now impossible to hack. Even if you do use 2FA you cannot prevent the malware from modifying your transaction. You might think you are sending to some bitcoin address but a sneaky piece of malware could very easily change that address to the hackers one without your knowledge. Existing 2FA systems cannot protect against that kind of thing.  TOTP 2FA which is what Google Authenticator and almost everything else uses was designed to try and figure out if the account owner is the person behind the keyboard, it wasn't really designed to prevent you from any kind of hacking or malware, if your computer is hacked or infected then it is useless, it does nothing to stop the hacker at all in that situation.

[Prasmatic]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Yes you can do that. If we just simply added 2FA to the wallet software that would be no good, it would be very simple to bypass. You need use multisig, a service like greenaddress holds one of the private keys for your multisig wallet and co-signs each transaction after you auth with them using 2FA. Electrum already has plugins for various services that do this.

The security of 2FA is often over-hyped and many people are using it as a sort of catch-all security measure which is insanely stupid. Instead of using strong passwords and good security practices, many people just turn on 2FA and assume they are now impossible to hack. Even if you do use 2FA you cannot prevent the malware from modifying your transaction. You might think you are sending to some bitcoin address but a sneaky piece of malware could very easily change that address to the hackers one without your knowledge. Existing 2FA systems cannot protect against that kind of thing.  TOTP 2FA which is what Google Authenticator and almost everything else uses was designed to try and figure out if the account owner is the person behind the keyboard, it wasn't really designed to prevent you from any kind of hacking or malware, if your computer is hacked or infected then it is useless, it does nothing to stop the hacker at all in that situation.

I was using Google Authenticator but since there is no way to backup the stuff, i moved to Authy, i can sync with many devices

[LFC_Bitcoin]

i was thinking about that for a while, Core can come with a login and password instead of creating a passphrase for your wallet plus 2fa google authenticator

so in the event that your computer is compromised you still have the google protection

Yep! Core should be like Trezor in the sense that if you haven't made a back up & your PC dies or gets stolen you can simply download the full blockchain again & enter a 12-24 word seed which reloads your bitcoin balance into the new client. I would be very happy & impressed if the developers could incorporate this.

[ranochigo]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Blockchain.info uses 2FA, even tho it's not a proper local blockchain based Bitcoin wallet. Im actually surprised I can't think of any software based Bitcoin wallet that has 2FA. There must be a reason for it. Maybe liking your phone to your wallet compromises privacy??

It is not much secure than a password protected wallet. Blockchain.info store the encrypted keys on their server. The addition of 2FA basically allows the computer to only have the wallet downloaded when the 2FA is correct. Your wallet would still get compromised if their wallet file gets compromised and hashing algronithm is weak. This method would not protect against other vulnerability like weak RNGs.

[scarsbergholden]

So i have an idea that we actually see in home security, before sending a transaction or unlock your wallet you get a courtesy phone call from a security agent asking you if you open your bitcoin wallet and if everything is alright in your home of place is taken the transaction in.

[everaja]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

2FA security is pretty old , but what if your PC is compromised with all sensitive data??
The best way is to store your Private key offline not on Computer:
various methods that i know are:

1.  paper printout
2.  a metal coin
3.  a tattoo on your body

Of all the above three the [3] one is pretty innovative to me

[ticoti]

2FA can be easily broken in 10 minutes I don't think it is a solution

[achow101]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Yes you can do that. If we just simply added 2FA to the wallet software that would be no good, it would be very simple to bypass. You need use multisig, a service like greenaddress holds one of the private keys for your multisig wallet and co-signs each transaction after you auth with them using 2FA. Electrum already has plugins for various services that do this.

The security of 2FA is often over-hyped and many people are using it as a sort of catch-all security measure which is insanely stupid. Instead of using strong passwords and good security practices, many people just turn on 2FA and assume they are now impossible to hack. Even if you do use 2FA you cannot prevent the malware from modifying your transaction. You might think you are sending to some bitcoin address but a sneaky piece of malware could very easily change that address to the hackers one without your knowledge. Existing 2FA systems cannot protect against that kind of thing.  TOTP 2FA which is what Google Authenticator and almost everything else uses was designed to try and figure out if the account owner is the person behind the keyboard, it wasn't really designed to prevent you from any kind of hacking or malware, if your computer is hacked or infected then it is useless, it does nothing to stop the hacker at all in that situation.

Exactly. Someone with access to the computer can go find the wallet file and brute force it to steal the private keys. 2fa will do nothing to stop that.

Using 2fa with a third party would work but requires you to trust said third party. You need to trust them to let you to spend your bitcoin otherwise they could lock the bitcoin up in the multi sig address. Also, what happens if they go out of business?

[Blazr]

One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Yes you can do that. If we just simply added 2FA to the wallet software that would be no good, it would be very simple to bypass. You need use multisig, a service like greenaddress holds one of the private keys for your multisig wallet and co-signs each transaction after you auth with them using 2FA. Electrum already has plugins for various services that do this.

The security of 2FA is often over-hyped and many people are using it as a sort of catch-all security measure which is insanely stupid. Instead of using strong passwords and good security practices, many people just turn on 2FA and assume they are now impossible to hack. Even if you do use 2FA you cannot prevent the malware from modifying your transaction. You might think you are sending to some bitcoin address but a sneaky piece of malware could very easily change that address to the hackers one without your knowledge. Existing 2FA systems cannot protect against that kind of thing.  TOTP 2FA which is what Google Authenticator and almost everything else uses was designed to try and figure out if the account owner is the person behind the keyboard, it wasn't really designed to prevent you from any kind of hacking or malware, if your computer is hacked or infected then it is useless, it does nothing to stop the hacker at all in that situation.

Exactly. Someone with access to the computer can go find the wallet file and brute force it to steal the private keys. 2fa will do nothing to stop that.

Using 2fa with a third party would work but requires you to trust said third party. You need to trust them to let you to spend your bitcoin otherwise they could lock the bitcoin up in the multi sig address. Also, what happens if they go out of business?

Normally how these services work is you set up a 2 of 3 multisig wallet, you keep one key on your PC, they keep one key and you keep the final key on paper. Should they refuse to co-sign or go out of business you can use your paper backup to regain access to your coins.