September 15, 2013, 07:12:01 PM Last edit: September 16, 2013, 06:57:42 AM by coastermonger
If your website ever holds the Bitcoin of someone else, then this is your challenge to improve client-side security:
Hardware wallets are great, but sometimes it's necessary to do business online. Exchanges, merchants, online wallets, and any site that stores users' bitcoin should give customers the OPTION to enable the following security measures. They are not foolproof, but they will go a long way.
1) Allow users to specify that a positive email confirmation is mandatory in order to withdraw funds
2) Allow users to lock bitcoin withdrawals so they can only be sent to a specific address (or handful of addresses) from your site
3) Allow users to specify a mandatory waiting period that must transpire before withdrawals are sent, allowing them time to intercept and report unauthorized access
4) Allow users the option to specify maximum limits on the amount of bitcoin that can be withdrawn in a given time frame
5) Allow users the option to specify specific computers that can interface with your site, so that no devices anywhere else may log in
6) Allow users the ability to mandate 2-factor authentication NOT just on log in, but for every transfer/buy/sell/security action on your site.
If you can enable all of these things, you will empower your userbase with powerful tools for their online bitcoin security. You will make your site less of a target for bitcoin theft. You will avoid having more awkward conversations with angry customers about why their funds were stolen from your site. You will find people praising you for your forward thinking and progressive approach to bitcoin security. NO, it's not bulletproof. They will still have to be careful, and you will still have to protect private keys. But giving people these OPTIONS is a step in the right direction.
-Make it happen.
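The six options in the post above can be enforced as one server-side check on every withdrawal request. The following is an added example, not part of the original post or any site's code; every class, field and value name in it is hypothetical, and the sample policy is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from typing import Optional

@dataclass(frozen=True)
class WithdrawalPolicy:  # per-user opt-in settings; all names here are hypothetical
    require_email_confirm: bool = False          # option 1
    allowed_addresses: frozenset = frozenset()   # option 2 (empty = no lock)
    delay: timedelta = timedelta(0)              # option 3
    window: timedelta = timedelta(hours=24)      # option 4: rolling window
    window_limit: Optional[Decimal] = None       # option 4: max total per window
    allowed_devices: frozenset = frozenset()     # option 5 (empty = any device)
    require_2fa_per_action: bool = False         # option 6

@dataclass(frozen=True)
class WithdrawalRequest:
    address: str
    amount: Decimal
    requested_at: datetime
    device_id: str
    email_confirmed: bool = False
    second_factor_ok: bool = False   # 2FA verified for THIS action, not just login

def evaluate(policy, req, history, now):
    """Return (decision, reasons); history is [(sent_at, amount)] of past withdrawals."""
    reasons = []
    if policy.allowed_devices and req.device_id not in policy.allowed_devices:
        reasons.append("device not on allowlist")
    if policy.require_2fa_per_action and not req.second_factor_ok:
        reasons.append("second factor missing for this action")
    if policy.allowed_addresses and req.address not in policy.allowed_addresses:
        reasons.append("address not on withdrawal whitelist")
    if policy.window_limit is not None:
        recent = sum((a for ts, a in history if now - ts < policy.window), Decimal(0))
        if recent + req.amount > policy.window_limit:
            reasons.append("rolling withdrawal limit exceeded")
    if reasons:                      # hard failures: never queue these
        return "deny", reasons
    if policy.require_email_confirm and not req.email_confirmed:
        return "pending", ["awaiting email confirmation"]
    if now < req.requested_at + policy.delay:
        return "pending", ["waiting period not elapsed"]
    return "release", []

# Constructed sample: locked to one address, 48h delay, 1 BTC per 24h
T0 = datetime(2013, 9, 15, 12, 0)
POLICY = WithdrawalPolicy(True, frozenset({"ADDR_COLD"}), timedelta(hours=48),
                          timedelta(hours=24), Decimal("1"), frozenset({"laptop"}), True)
```

Hard failures are denied outright, while a request that is merely unconfirmed or still inside its waiting period stays pending, which is the window the post describes for the account owner to intercept and report unauthorized access.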