Bitcoin Forum
Author Topic: Proposal: Better authentication for online trading sites like MtGox  (Read 979 times)
Joise (OP)
Newbie
Activity: 30
Merit: 0
June 19, 2011, 08:08:19 AM
 #1

I have read several messages stating that accounts at MtGox
became compromised.

While I can't verify them, I think it's a really Bad Idea to
link password recovery to email security by sending a recovery
password for a trading site to a mail account. Mail accounts are
checked most frequently and in all possible places. People are
apt to use weak passwords for mail. Login credentials
may be sniffed when using WiFi connections on mobile
devices. Computers of other people may be used where
keyloggers and trojans are already in place.
Once your mail account is stolen, your trading
account is compromised as well.

What I propose is to use PGP/GnuPG signatures for
re-authentication of accounts and mTAN for authentication of
transactions. That would work as follows:

1) First you need to generate a PGP key with your
favorite software. If you want good security,
you will move the keys to a SmartCard device, such
devices being sold by various non-governmental entities.

2) When you register with an online trader, you can
enter your PGP key ID and public key. You can also
check the fingerprint of the key you just uploaded.
Password reset by email would be switched off.
The key will be bound to the trading account so that
a new key can replace the existing one only if it is
signed by it.

3) In case you lose your password, you enter your
user ID and key ID at a web form. The trading site
gives you an authentication phrase and asks you to sign
it with your secret PGP key.
When you upload the signed phrase, the signature
is verified and you can enter a new password.

4) A further, very important improvement would be
to use an adoption of the well-established mTAN principle.
With this, you register the number of a mobile phone at your
trading account and sign it with your PGP key. Then, every
transaction will be authenticated in such a way that a five-digit code is
sent by SMS to your mobile device. Only after you enter
that code is the transaction done. This is much
more secure than password-only authentication.

Advantages of GPG authentication:

- Does not rely on weak email security
- Does use existing infrastructure and well-established,
  thoroughly audited software
- Preserves anonymity, but would also fit nicely in
  GPG-based Webs of Trust
- Allows for two-factor authentication by Open Hardware
- Can be provided as an opt-in solution. People who
  don't care for more security don't have to use it.

Advantages of mTAN authentication for transactions:

- easy to use
- well-established in many places
- prevents theft by keyloggers

Joise
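The server side of steps 2 and 3 above, as an added example that is not the poster's or any trading site's code: an ed25519 signature from Go's standard library stands in for the PGP signature, and the challenge carries an assumed expiry and account binding (the post does not say how long the phrase stays valid), so a signed phrase cannot be replayed later or used against another account.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

type Account struct { // user ID and the public key bound to it at signup (step 2)
	UserID string
	PubKey ed25519.PublicKey
}

type Challenge struct { // server-issued phrase, bound to one account and short-lived
	UserID  string
	Phrase  string
	Expires time.Time
}

// NewChallenge issues a fresh random phrase the user must sign verbatim (assumed expiry: ttl).
func NewChallenge(userID string, ttl time.Duration) (Challenge, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	return Challenge{userID, fmt.Sprintf("password-reset:%s:%x", userID, nonce), time.Now().Add(ttl)}, nil
}

// VerifyReset (step 3) rejects expired or foreign challenges, then checks the signature.
func VerifyReset(acct Account, ch Challenge, sig []byte, now time.Time) error {
	if ch.UserID != acct.UserID || now.After(ch.Expires) {
		return fmt.Errorf("challenge not valid for %q or expired", acct.UserID)
	}
	if !ed25519.Verify(acct.PubKey, []byte(ch.Phrase), sig) {
		return fmt.Errorf("signature does not verify under the registered key")
	}
	return nil
}

// RotateKey replaces the bound key only if the new key is signed by the old one.
func RotateKey(acct *Account, newKey ed25519.PublicKey, sig []byte) error {
	if !ed25519.Verify(acct.PubKey, newKey, sig) {
		return fmt.Errorf("replacement key is not signed by the current key")
	}
	acct.PubKey = newKey
	return nil
}

func main() { fmt.Println("exercise VerifyReset and RotateKey from a test") }
```

Note that the phrase is random per request and includes the user ID, so the site never asks the user to sign anything an attacker could have chosen in advance.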
willphase
Hero Member
Activity: 767
Merit: 500
June 19, 2011, 09:15:32 AM
 #2

Step 1 mtgox accepts openid
Step 2 create a google account with two factor authentication enabled
Step 3 profit

Will

hart
Newbie
Activity: 14
Merit: 0
June 19, 2011, 10:44:54 AM
 #3

Quote from: willphase
Step 1 mtgox accepts openid

If only. =[