On a completely unrelated note, I wanted to add a note regarding security and extensions (although I have no magical way of allaying anyone's fears). The best I can do is try to be open and honest about the risks.
You are probably wary about installing software that interacts with a financial exchange.
My extension only interacts with the trollbox - it has no capability to handle anything financial. I kept all the code to a single script-file which I have thoroughly commented. If you can read JavaScript, you can audit the installed code in the Chrome extensions folder:
Mac:
~/Library/Application Support/Google/Chrome/Default/Extensions/[guid]/1.7_0/goatbox.js Win:
\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Extensions\[guid]/1.7_0/goatbox.jsUnfortunately, as far as I know, Chrome does not give you an easy way to disable an extension from applying updates, when they are available. This means the code you look at today, could change next week. I found this post, which shows you how to disable updates manually:
http://www.dslreports.com/forum/r26671033-If you are nervous, the following general advice may be helpful, for
any extension, not just mine:
- 1. disable all extensions in Chrome that can access "btc-e" or that can access "all tabs"
- 2. enable Two Factor Authentication on BTC-e (or generate a different key if it was already enabled)
- 3. install the extension, and reenable the others
I'm sure a malicious extension can still find a clever way to compromise your system, but afaik preventing add-on software from sniffing your two-factor key should be adequate in most cases.
TLDR:
Best practice for security: always disable browser extensions before entering/changing two-factor authentication. Also, consider preventing Chrome extensions from auto-updating
