June 19, 2011, 08:08:19 AM
I have read several messages stating that accounts at MtGox became compromised.
While I can't verify them, I think it's a really Bad Idea to link password recovery to email security by sending a recovery password for a trading site to a mail account. Mail accounts are checked most frequently and in all possible places. People are apt to use weak passwords for mail. Login credentials may be sniffed when using WiFi connections on mobile devices. Computers of other people may be used where keyloggers and trojans are already in place. Once your mail account is stolen, your trading account is compromised as well.
What I propose is to use PGP/GnuPG signatures for re-authentication of accounts and mTAN for authentication of transactions. That would work as follows:
1) First you need to generate a PGP key with your favorite software. If you want good security, you will move the keys to a SmartCard device; these are sold by various non-governmental entities.
2) When you register with an online trader, you can enter your PGP key ID and public key. You can also check the fingerprint of the key you just uploaded. Password reset by email would be switched off. The key will be bound to the trading account so that a new key can replace the existing one only if it is signed by the existing key.
3) In case you lose your password, you enter your user ID and key ID in a web form. The trading site gives you an authentication phrase and asks you to sign it with your secret PGP key. When you upload the signed phrase, the signature is verified and you can enter a new password.
4) A further, very important improvement would be to use an adaptation of the well-established mTAN principle. With this, you register the number of a mobile phone with your trading account and sign it with your PGP key. Then every transaction is authenticated in such a way that a five-digit code is sent by SMS to your mobile device. Only after you enter that code is the transaction carried out. This is much more secure than password-only authentication.
Advantages of GPG authentication:
- Does not rely on weak email security
- Uses existing infrastructure and well-established, thoroughly audited software
- Preserves anonymity, but would also fit nicely into GPG-based Webs of Trust
- Allows for two-factor authentication with Open Hardware
- Can be provided as an opt-in solution. People who don't care for more security don't have to use it.
Advantages of mTAN authentication for transactions:
- easy to use
- well-established in many places
- prevents theft by keyloggers
Joise
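The server side of steps 2 to 4 above, written out as an added example; this is not code from Joise's post or from any exchange. It assumes an Ed25519 key in place of a PGP key (the signature-verification step is the same shape; a real deployment would verify an OpenPGP signature against the stored key instead), a hypothetical Account/Transaction data model, and a constructed SMS wording. It shows the details the post leaves implicit: the challenge is random, purpose-tagged, time-limited and single-use; a key rotation must be signed by the key it replaces; and the five-digit mTAN code is stored with exactly one pending transaction, expires quickly and allows only a few attempts, because a five-digit space is trivially guessable otherwise.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Account is what the trading site stores per user: the registered public
// key (Ed25519 stands in for the PGP key; assumption of this example) and at
// most one pending password-reset challenge. No email recovery path exists.
type Account struct {
	UserID    string
	PubKey    ed25519.PublicKey
	challenge []byte
	issuedAt  time.Time
}

const resetWindow = 10 * time.Minute

// Fingerprint is what the user compares with the local copy after uploading
// the key (step 2), so a key swapped in transit is caught at registration.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// IssueChallenge (step 3): a fresh random phrase, prefixed with a purpose tag
// and the user ID so a signature on it cannot be replayed for anything else.
func (a *Account) IssueChallenge(now time.Time) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	a.challenge = append([]byte("password-reset:"+a.UserID+":"), nonce...)
	a.issuedAt = now
	return a.challenge, nil
}

// VerifyReset accepts a signature over exactly the issued phrase, inside the
// validity window, once; the challenge is discarded whether or not it passes.
func (a *Account) VerifyReset(phrase, sig []byte, now time.Time) error {
	defer func() { a.challenge = nil }()
	switch {
	case a.challenge == nil:
		return errors.New("no pending challenge")
	case now.Sub(a.issuedAt) > resetWindow:
		return errors.New("challenge expired")
	case subtle.ConstantTimeCompare(phrase, a.challenge) != 1:
		return errors.New("phrase is not the issued challenge")
	case !ed25519.Verify(a.PubKey, phrase, sig):
		return errors.New("signature does not verify under the registered key")
	}
	return nil
}

// RotationMessage is what the old key must sign to authorise a new key (step 2).
func RotationMessage(userID string, newPub ed25519.PublicKey) []byte {
	return append([]byte("key-rotation:"+userID+":"), newPub...)
}

// RotateKey replaces the bound key only if the replacement is signed by the
// current key, so a stolen password alone cannot swap the key.
func (a *Account) RotateKey(newPub ed25519.PublicKey, sigByOld []byte) error {
	if !ed25519.Verify(a.PubKey, RotationMessage(a.UserID, newPub), sigByOld) {
		return errors.New("new key is not signed by the current key")
	}
	a.PubKey = newPub
	return nil
}

// Transaction is the mTAN part (step 4). The code lives only in this pending
// record, which binds it to one destination and amount.
type Transaction struct {
	Dest     string
	Amount   float64
	code     string
	issuedAt time.Time
	attempts int
}

// NewTransaction returns the pending record and the five-digit code that goes
// to the SMS gateway (constructed wording), never to the web session.
func NewTransaction(dest string, amount float64, now time.Time) (*Transaction, string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(100000)) // unbiased 0..99999
	if err != nil {
		return nil, "", err
	}
	code := fmt.Sprintf("%05d", n)
	return &Transaction{Dest: dest, Amount: amount, code: code, issuedAt: now}, code, nil
}

// SMSText names destination and amount so the user can spot a transaction
// they did not initiate before typing the code in.
func (t *Transaction) SMSText() string {
	return fmt.Sprintf("Code %s confirms sending %.8f BTC to %s", t.code, t.Amount, t.Dest)
}

// Confirm checks the code against this transaction only. Because there are
// just 100000 codes, the code expires fast and attempts are capped at three.
func (t *Transaction) Confirm(code string, now time.Time) error {
	t.attempts++
	switch {
	case t.attempts > 3:
		return errors.New("too many attempts; transaction cancelled")
	case now.Sub(t.issuedAt) > 5*time.Minute:
		return errors.New("code expired")
	case subtle.ConstantTimeCompare([]byte(code), []byte(t.code)) != 1:
		return errors.New("wrong code")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	acct := &Account{UserID: "joise", PubKey: pub} // constructed sample user
	now := time.Now()
	phrase, _ := acct.IssueChallenge(now)
	fmt.Println("fingerprint:", Fingerprint(pub))
	fmt.Println("reset:", acct.VerifyReset(phrase, ed25519.Sign(priv, phrase), now))
	tx, code, _ := NewTransaction("1ExampleDestinationAddress", 1.5, now)
	fmt.Println(tx.SMSText(), "->", tx.Confirm(code, now))
}
```

The purpose prefixes in IssueChallenge and RotationMessage matter with a real PGP key too: a key used for email signing must never be asked to sign an arbitrary blob the site chose, or a signature collected for one purpose could be presented for another.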