bitcoin transaction with two factor authentication

[joe3600]

As we know that bitcoin is vulnerable from being hacked.
To protect users property, it would be nice if we can implement two factor authentication during transaction.

Is it possible to make bitcoin transaction with two factor authentication, for example, by email verification, or by google authenticator ?

For example, when user transfer their bitcoin to other address, an email notification letter would be sent to the user.  If the transaction is high enough (say more than 0.1 BTC), it requires user to confirm by clicking links and/or input one-time password.

[1714997378]

1714997378

[1714997378]

1714997378

[1714997378]

1714997378

[achow101]

As we know that bitcoin is vulnerable from being hacked.

No it is not. The computers on which Bitcoin wallets are stored and run can be hacked, but Bitcoin itself cannot be hacked.

To protect users property, it would be nice if we can implement two factor authentication during transaction.

Is it possible to make bitcoin transaction with two factor authentication, for example, by email verification, or by google authenticator ?

For example, when user transfer their bitcoin to other address, an email notification letter would be sent to the user.  If the transaction is high enough (say more than 0.1 BTC), it requires user to confirm by clicking links and/or input one-time password.

Who would verify your 2fa? Who ensures that it is correct? Who is the second party that is entrusted with keys to protect your Bitcoin? If it is built into your wallet, your computer can be hacked and the private keys that the 2fa would unlock are still there can be stolen by the hackers, thus making this useless. The 2fa would have to be on a third party system, i.e. not your computer. But then you are trusting said third party to not go out of business or be malicious.

[dsattler]

Have a look at the airbitz wallet and their 2fa feature:
https://airbitz.co/go/faq/one-touch-2-factor-authentication-2fa-work/

[ThatRandom8543]

You could use a wallet that supports multisig, though while its not the same, it would protect the coins from being taken right away, which would give you way more than enough time to sign a transaction, send it to the other person (or maybe another computer with the other key?) to sign the transaction then send to a fresh new wallet.

[ranochigo]

This is hard or impossible to my knowledge to implement in the protocol. It is possible for a third party to provide such a service however.

Electrum combines this feature by implementing 2-of-3 multisig with Trustcoin holding one of the key and the user holding 2. The transaction can only be valid if the multisig has at least 2 signatures. So, the user can keep one of the key secure and use another key for day to day use and have Trustcoin sign a transaction together with that key if the 2FA code is correct.

[CIYAM]

Actually there is a method that you could use to lock UTXOs that is a kind of 2FA and that is by using a P2SH script that requires both a signed public key and a "revealed secret" (in much the same way as I've designed for doing Atomic Cross-Chain Transfers or ACCTs).

Of course you wouldn't want to trust some 3rd party for this but instead have some offline device providing the hashes and secrets for you (such as a mobile phone that has been placed in a Faraday cage).

Basically this would give you a way to have your keys on your online computer but still make things safe by having the secrets and hashes generated offline.

[Quickseller]

There is something very similar to what you are asking for, it is called multisig.

The 'ELI5' version of how multisig works is as follows:
*You create an address that can only spend funds sent it to when m of [/i]n[/i] specific private keys sign a spending transaction
*You set both m and [/i]n[/i] when you create this address
*You set up your address so that both m and n are two, so that one of your private keys is stored on your computer, and the other private key is stored on the device that you would use for 2FA
*Receive BTC to above address
*You now cannot spend any funds received to your address without both your computer, and the device that you designate to be used for 2FA 'approving' (signing) any transaction you wish to spend

I would note that it is always a best practice to have multiple backups of your private keys, in multiple locations and stored in multiple mediums of storage.

[Coin-Keeper]

joe3600,

I see this is your first post on this thread.  Welcome.

For simplicity you may consider adding a hardware wallet to your "scheme" if you have enough coins to merit using one.  Using Trezor as one example (there are several great hardware wallets out there), when you are going to send coins you will see the Exact BTC address that is being authorized by the hardware wallet.  When you accept it, the TX will and can only be sent to that exact address.  Although nobody wants to use a "malware infected" computer, if you do, and if you follow Trezor procedures correctly, your coin TX will still only go to the intended address and no malware can ever see your private keys.