Bitcoin Forum
September 19, 2019, 05:48:36 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Google 2FA decentralised alternative ?  (Read 286 times)
dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 24, 2019, 09:29:26 AM
Last edit: August 01, 2019, 10:56:07 PM by dkbit98
 #1

INTRODUCTION

What is 2FA?

Two-factor authentication or as we know it 2FA provides two component identification for users.
It increases protection for our accounts and fixes vulnerabilities of using only password method.
2FA confirms users dentities with two factors: 1. what people know and 2. what people have

There are 2 types of most used 2FA:

- TOTP - Time-based Onetime Password (Google)

- U2F - Universal Second Factor (Google/Microsoft fixed issues of TOTP)

TOTP verify your identity based on a online shared secret between you and other provider.
When you log in, number code is generated by device, and then you have to type and send this code.
Server is then generating same thing and compares/validates your login.

Always try to use U2F if you can, as private key is never sent over the internet, and it is much easier to use.
You may find U2F on some well known hardware wallets as Trezor and Ledger.

We can agree that using any 2FA is much better than using simple password solution,
but it is not perfect, and it is based on centralized Google servers.

Do we need alternative for 2FA?

I am 100% sure we need it!
We are becoming to attached to Google and services they offer, like Gmail, Youtube, Google 2FA, Google search.
They truck every single thing people are doing, and only way we can keep a bit off our privacy
is by slowly reducing usage of this services and gradually transition to alternative options we have.

d2FA - Decentralized Two Factor Authentication

I was looking for someone in crypto space to create D2FA, as it can have real world usage application.
So far I discovered one project that was working very good in my testing.
It is made by team of ZelCoin and ZelCore wallet.

Zel ID
A decentralized authentication protocol that is truly seamless, secure, and private.

How it works

Quote
from official website
- Zel ID works with Hierarchical Deterministic Wallets (HD Wallets) and utilizes the blockchain as a decentralized and distributed database.
This allows a user to create an account, not by generating and storing a public (address) and private key but instead by utilising a username and password to peform the same action.

- This enables a user to login on multiple devices with a convenient set of credentials, allowing authentication on multiple platforms through digital signatures.

- d2FA keeps your account secure by also allowing a user-selectable PIN as a second layer of security.

- Zel ID, simple and secure authentication, is only strengthened with d2FA by creating an additional layer of security that is immune to exploits that current centralized 2FA systems encounter.

It is currently limited to showcasing ZelCore functionality. ZelID.io will soon feature a full integration of Zel Login and it's capability.
You can try and test it how it works yourself.

https://zelid.io/
https://zel.network/

Note:
You need 0.0002 ZEL to broadcast a d2FA transaction


Can d2FA be global?

Sure it can.
Blockchain is perfect for this kind of application, as there is no single server used,
but rather whole blockchain is used, and that makes it much more secure.

Potential disadvantages

- Users need to pay a small transaction fee

- Question of speed with global massive usage


CONCLUSION:

I would love to see more projects working and developing this idea of d2FA,
as I think there is a real world usage, and it is one more way to bring more people in crypto space.

In order for this to happen, clear advantages of d2FA must be presented,
as only that way we can hope to replace current cetralized used 2FA system

If you know any other working alternative for google 2fa please write below.
I would love to explore this topic.

1568915316
Hero Member
*
Offline Offline

Posts: 1568915316

View Profile Personal Message (Offline)

Ignore
1568915316
Reply with quote  #2

1568915316
Report to moderator
1568915316
Hero Member
*
Offline Offline

Posts: 1568915316

View Profile Personal Message (Offline)

Ignore
1568915316
Reply with quote  #2

1568915316
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 24, 2019, 09:34:46 AM
 #2

Bitwings OS is introducing a more secured 3FA with better security and we can't find that any where else yet
https://bitwings.org

First time I hear about it.

This is ICO project...and I am very skeptical about them.

bitmover
Hero Member
*****
Online Online

Activity: 602
Merit: 1023



View Profile
July 24, 2019, 10:59:43 AM
Last edit: July 24, 2019, 02:50:16 PM by bitmover
Merited by HeRetiK (1)
 #3

If you know any other working alternative for google 2fa please write below.
I would love to explore this topic.

To use a good 2Fa service you don't need Google Authenticathor or any other Google service.

There is a better application called Authy. I wrote about it some time ago.

Also, i don`t think decentrralization is useful here. Bitcoin should be centralized decentralized , but a 2FA software doesn't need to be decentralized...

But one thing that many people do not know is the fact that Google Authenticator (GA) does not save your 2FA accounts in your google account. So if you lose your phone you lose access to all accounts linked to your GA (unless the site has some additional recovery mechanism).

So if you use GA it is worth taking at least one of these two precautions:
-You should always note the key when registering an 2FA account. Few people realize, but there is always a sequence of numbers below the QR code (or somewhere else on the website) when you register that account on your GA.
- Register the account on another device, such as a tablet.

An excellent alternative to GA is Authy app. This program works just like GA, but it saves your access accounts. That way, if you lose your cell phone, that's okay, as your data is backed up in the cloud.

Authy has an option to prohibit the registration of new devices. So if someone steals your Auth password, they can not add an additional device, unless if an authorized device allows the registration of new devices to your account.

-snip-


Edit 2:
You can also try Yubico, a USD stick authentication device. It is a more secure and better solution, however it has a cost (20-60 usd)
https://www.yubico.com/why-yubico/for-individuals/

dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 24, 2019, 01:21:33 PM
Last edit: July 24, 2019, 02:04:28 PM by dkbit98
 #4

If you know any other working alternative for google 2fa please write below.
I would love to explore this topic.

To use a good 2Fa service you don't need Google Authenticathor or any other Google service.

There is a better application called Authy. I wrote about it some time ago.

Also, i don`t think decentrralization is useful here. Bitcoin should be centralized but a 2FA software doesn't need to be decentralized...

But one thing that many people do not know is the fact that Google Authenticator (GA) does not save your 2FA accounts in your google account. So if you lose your phone you lose access to all accounts linked to your GA (unless the site has some additional recovery mechanism).

So if you use GA it is worth taking at least one of these two precautions:
-You should always note the key when registering an 2FA account. Few people realize, but there is always a sequence of numbers below the QR code (or somewhere else on the website) when you register that account on your GA.
- Register the account on another device, such as a tablet.

An excellent alternative to GA is Authy app. This program works just like GA, but it saves your access accounts. That way, if you lose your cell phone, that's okay, as your data is backed up in the cloud.

Authy has an option to prohibit the registration of new devices. So if someone steals your Auth password, they can not add an additional device, unless if an authorized device allows the registration of new devices to your account.

-snip-


Edit 2:
You can also try Yubico, a USD stick authentication device. It is a more secure and better solution, however it has a cost (20-60 usd)
https://www.yubico.com/why-yubico/for-individuals/


Are they using centralized servers or not?

If the answer is YES, then I think we do need them.

btw did you mean Bitcoin should be DEcentralized  Grin or centralized like you wrote ?

PS
I tried Authy.
For desktop I am using WinAuth at the moment

bitmover
Hero Member
*****
Online Online

Activity: 602
Merit: 1023



View Profile
July 24, 2019, 02:54:25 PM
 #5


Are they using centralized servers or not?

If the answer is YES, then I think we do need them.

btw did you mean Bitcoin should be DEcentralized  Grin or centralized like you wrote ?

PS
I tried Authy.
For desktop I am using WinAuth at the moment

Thanks for the correction lol decentralized ofc.

Authy is better than winauthy imo. Give it a try.
They use centralized services, ofc. This is not a problem to security imo.

naska21
Hero Member
*****
Offline Offline

Activity: 1162
Merit: 530


CurioInvest [IEO Live]


View Profile
July 25, 2019, 06:26:17 AM
 #6

snip

Always use U2F if you can as private key is never sent over the internet at any time, and it is much easier to use.
You may find U2F on some well known hardware wallets as Trezor and Ledger.

snip


Can't comment on Trezor but the loss of  security keys in Ledger after firmware update is the weak spot of that device:

After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on
IMO, the dedicated  usb tokens like Yubikey by Yubico are best suited to address  U2F authorization.

                       ░▒▒▒▒▒▒▒▒▒▒▒▒▒░░                                         
              ░░▒▓▓███▓▓░░████████████████▓░                                   
          ░▓▓▓▒██████████░ ███████████████████▒                                 
       ░▓██▒░  ███████████▓ ▒███████████████████▓▓▓▓▓████▓▓                     
  ▒▓▓▓██▒     ████████   ▒██░ ██████████▓▒░      █████████████████▓▓▒░         
 ▓█▒░░        ▒▒▓▓▓▓▓▓  ░▒███░ ▓▓▓▒░░   ░░▒▒▓▓███▓▓▓▓▓▓▒▒       ░▒▓███████▓▒░   
 █                                               ░▒▒▓▓██████████▓▒░░░▒▓██████▓█
 █▒  ▒▓▓▒░▒▓█▓▓▓▒▒▒▒░░                                    ░▒▓▓████████▓▓▒░   ▒█
 ░█ ▒████▓  ▒▒░▒▒▓▓▓▓██████████▓▓▓▒▒▒░                            ░▒      ░▓██ 
  ▒███▒▓▓██  ░              ▒░░█████▓▓▓▓██▓▓▒▒▒▒▓▓▓▓▓▒▒░░          ░░ ▓██████▓▓▒
    ▓█▓▓▒▓█▓ ▒              ▒▒▓███  ███████████▓▓█▓░░▒▒░░░  ▓███████▓████████ ▓█
     ░█  ▓██▓▒░░▒▓▓▓▓▓████████▓░   ████▒▒▓▓▓▓██████      ░ ████████▒█████▓▒  ▒█
      ▓▓▓▓████▓▒░░                ▒███ ░███▓█▓▓████░    ▓ ████████▓▓█▓▒    ▓▓▓ 
      ░▓█████▓▒▓██████▓▒░         ▒██▓ ██▒  ██▓▓████    ▒  ░            ▒██▒   
        ░▒         ░▒▓█████████▓▒  ██▒ █▓    ██▒█████    ▒▒▒░░░▒░░░█▓▒▓██▓     
                          ░▒▓█████████ ██    ▓█▒█████▓             ░▓██▓       
                                  ░▒▓█▓ ██ ░▒██░██████▓  ▒▒▒░   ▒▓███▒         
                                      █▓▒▓████░▓████▓ ▓▓▓██████████░           
                                       ▓█▓▓▓▓▓█████▓          ░▒▒               
                                         ▒▓▓██▓▒░                               
                                                                               
|
|

█████████████████████████
██ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ██
██ ███████████▀     ██ ██
██ ██████████▌   ▄▄▄██ ██
██ ██████████   ██████ ██
██ ███████          ██ ██
██ ███████▄▄▄   ▄▄▄▄██ ██
██ ██████████   ██████ ██
██ ██████████   ██████ ██
██ ██████████   ██████ ██
██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

█████████████████████████
██ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ██
██ █████████████▀█████ ██
██ ███ ▀█████▀      ▀█ ██
██ ███     ▀▀      ▐██ ██
██ ███▌            ███ ██
██ ████▌          ▄███ ██
██ ██████       ▄█████ ██
██ ████▄▄▄▄▄▄▄████████ ██
██ ███████████████████ ██
██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

█████████████████████████
██ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ██
██ ████████████▀▀▀████ ██
██ ████████▀▀     ████ ██
██ █████▀    ▄▀  ▐████ ██
██ ██▀     ▄▀    ▐████ ██
██ ████▄▄ █▀     █████ ██
██ ██████ ▄▄█   ▐█████ ██
██ ████████████ ██████ ██
██ ███████████████████ ██
██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
Whitepaper
Ann Thread
Bounty Thread
dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 25, 2019, 07:56:38 AM
 #7

snip

Always use U2F if you can as private key is never sent over the internet at any time, and it is much easier to use.
You may find U2F on some well known hardware wallets as Trezor and Ledger.

snip


Can't comment on Trezor but the loss of  security keys in Ledger after firmware update is the weak spot of that device:

After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on
IMO, the dedicated  usb tokens like Yubikey by Yubico are best suited to address  U2F authorization.


Not to mention the 'lack of space' thing on Ledger Nano S and removal of option to sign a message,
it will not be even possible to install FIDO U2F if you have 2 or 3 coins in portfolio.

Scary stuff

poodle63
Hero Member
*****
Offline Offline

Activity: 1064
Merit: 501



View Profile
July 25, 2019, 01:23:18 PM
 #8


Are they using centralized servers or not?

If the answer is YES, then I think we do need them.

btw did you mean Bitcoin should be DEcentralized  Grin or centralized like you wrote ?

PS
I tried Authy.
For desktop I am using WinAuth at the moment

Thanks for the correction lol decentralized ofc.

Authy is better than winauthy imo. Give it a try.
They use centralized services, ofc. This is not a problem to security imo.
authy is more than enough for me, i don't need any service even like bitwings or this one. Centralized server means nothing when it was developed by the trusted company and authy is a reputable app with so many users.
anything must not be decentralized.

.Minter.                       ▄▄▄▄▄▄▄▄▄
                  ▄▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄▄
               ▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
            ,▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
          ,▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
         ▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
        ▓▓▓▓▓▓▓▓▓▓█▀█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀█▓▓▓▓▓▓▓▓▓▓
       ▓▓▓▓▓▓▓▓▓▓▓    █▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓
      █▓▓▓▓▓▓▓▓▓▓▓▓▓    ▀▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓
      ▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▄   ▀▓▀   ▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓
     ▐▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▄     ▄▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▌
     ╟▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▄ ▄▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▐▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▌
      ▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓
      ║▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▌
       ▀▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓▓▓   ▓▓▓▓▓▓▓▓▓▓▓
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
         ╙▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
           ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
             ▀█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
                ▀█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▀
                     ▀▀██▓▓▓▓▓▓▓██▀▀
||

╓▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒
▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▀▀▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓▓▓▓▓         ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▓▓         ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▓▌        ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▓         ▀╜        ╙▀▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▓                      ▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▌                       ▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓                        ▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓         ▓▓▓▓▓▌         ▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▌         ▓▓▓▓▓          ▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓⌐         ▓▓▓▓▓         ╣▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓         ▀█▀▀^         ╫▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▌                      ▒▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓                     ▒▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓                 #▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
 ╙▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
WALLET




                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█
bitmover
Hero Member
*****
Online Online

Activity: 602
Merit: 1023



View Profile
July 25, 2019, 02:20:28 PM
 #9

Not to mention the 'lack of space' thing on Ledger Nano S and removal of option to sign a message,
it will not be even possible to install FIDO U2F if you have 2 or 3 coins in portfolio.

Scary stuff

There is a lot of misinformation here.

First of all, ledger nano S can sign messages. I really don't know what you are talking about.
I signed messages using Electrum, Mycrypto, Myetherwallet...

And you can use more than 20 coins in your portfolio. Just uninstall your App inside the ledger device and install again when you need to use again.

Decimation
Member
**
Offline Offline

Activity: 266
Merit: 35


View Profile
July 25, 2019, 02:25:25 PM
 #10

What exactly do you mean by "decentralized 2fa"? Just because something has the word "Google" in front of it, doesn't mean it isn't decentralized. You own your keys, and you are completely responsible for them. However I would argue that decentralized 2fa is unnecessary for the average person, as the chance of losing keys is much higher. Authy is tied to your phone number rather than your phone, making it much easier to restore lost data, without having to worry too much.
shoreno
Full Member
***
Offline Offline

Activity: 770
Merit: 103


★Bitvest.io★ Play Plinko or Invest!


View Profile
July 26, 2019, 06:11:39 AM
 #11

i have tried using apps for 2fa's that i found on the google playstore , take note they arent related to google but after i tried those it seems that they didn work as i recieve a wrong otp message . but after i tried using back the google authenticator it worked again like a charm  . i think the exchange that im using only supports google authenticator at the moment  .

dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 28, 2019, 10:37:39 AM
 #12

Not to mention the 'lack of space' thing on Ledger Nano S and removal of option to sign a message,
it will not be even possible to install FIDO U2F if you have 2 or 3 coins in portfolio.

Scary stuff

There is a lot of misinformation here.

First of all, ledger nano S can sign messages. I really don't know what you are talking about.
I signed messages using Electrum, Mycrypto, Myetherwallet...

And you can use more than 20 coins in your portfolio. Just uninstall your App inside the ledger device and install again when you need to use again.

Yes, I did the unistall.
And having only Bitcoin, and Etherium filled up all the space,
so I cant install anything else...
And I need to install PGP app for that to work.

I am talking about Ledger Nano S,
and I can prove it, and I am not the only one with this issue

Red-Apple
Hero Member
*****
Offline Offline

Activity: 1372
Merit: 637



View Profile
July 28, 2019, 10:45:48 AM
 #13

Do we need alternative for 2FA?

I am 100% sure we need it!
We are becoming to attached to Google and services they offer, like Gmail, Youtube, Google 2FA, Google search.
They truck every single thing people are doing, and only way we can keep a bit off our privacy
is by slowly reducing usage of this services and gradually transition to alternative options we have.

you first need to prove there is actually something wrong with the current tools then argue about alternatives. i am personally not convinced with your argument here.

lets first look at how Google Authenticator works.
it is a very simple application that works offline and without needing Google servers or sending anything to them. it works based on your device's time and the password/key that you and the other party share. using that key you generate a number which acts as your 2FA.

now explain to me how are we relying on Google for any of it? it is not like Gmail that you need their server! everything happens inside your device and stored in your device.

besides if we assume we need an alternative, we definitely don't need a "cryptocurrency" for that! it doesn't even make sense to create one!!!

haufranco
Newbie
*
Offline Offline

Activity: 98
Merit: 0


View Profile
July 28, 2019, 04:28:18 PM
 #14

snip

Always use U2F if you can as private key is never sent over the internet at any time, and it is much easier to use.
You may find U2F on some well known hardware wallets as Trezor and Ledger.

snip


Can't comment on Trezor but the loss of  security keys in Ledger after firmware update is the weak spot of that device:

After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on
IMO, the dedicated  usb tokens like Yubikey by Yubico are best suited to address  U2F authorization.

Thanks for noticing.  Got stuck with no option of signing-in back
dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 28, 2019, 07:50:06 PM
 #15

Do we need alternative for 2FA?

I am 100% sure we need it!
We are becoming to attached to Google and services they offer, like Gmail, Youtube, Google 2FA, Google search.
They truck every single thing people are doing, and only way we can keep a bit off our privacy
is by slowly reducing usage of this services and gradually transition to alternative options we have.

you first need to prove there is actually something wrong with the current tools then argue about alternatives. i am personally not convinced with your argument here.

lets first look at how Google Authenticator works.
it is a very simple application that works offline and without needing Google servers or sending anything to them. it works based on your device's time and the password/key that you and the other party share. using that key you generate a number which acts as your 2FA.

now explain to me how are we relying on Google for any of it? it is not like Gmail that you need their server! everything happens inside your device and stored in your device.

besides if we assume we need an alternative, we definitely don't need a "cryptocurrency" for that! it doesn't even make sense to create one!!!

If you are talking about 2FA, and in specific TOTP
It has many flaws, and that is why they created better version U2F.
2FA Backup codes are sent online, they are probably not even encrypted,
and hackers can take control of password or backup.
You are trusting other party to save keep your secret code.

U2F is better because there is nothing shared over internet.

Hackers can not hack in to d2FA as there is no single point server that is keeping your secret.,
or maybe they can but in Quantum future.

xamxam
Full Member
***
Offline Offline

Activity: 371
Merit: 100


HiveNet - Distributed Cloud Computing


View Profile
July 29, 2019, 11:45:25 PM
 #16

2FA is very important to prevent hacker, in this way we can be more comfortable about our account. If you are using android authy is much better rather than google aunthenticator. But Authy was proven and tested to me already for every exchange that I used most often here in this field of crypto business industry.

dkbit98
Sr. Member
****
Offline Offline

Activity: 532
Merit: 343


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
July 30, 2019, 07:08:36 AM
 #17

There is a way hackers can compromise your 2FA with a virus.
One example for Android phones is Anubis Trojan Virus.
Virus Anubis renders 2FA void via a man-in-the-middle-atack.
It is targeting crypto exchanges

Read more in this articles:
https://blog.zerononcense.com/2019/07/27/anubis-virus-major-android-virus-attacking-bitfinex-binance-exchange-apps-and-others-pt-1/
https://www.zdnet.com/article/anubis-android-banking-malware-returns-with-a-bang/

royalfestus
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 500


send and receive money instantly, with no cost


View Profile
July 30, 2019, 07:17:03 AM
 #18

In the past 2 weeks I have had series of error from this google authentication from 2 of the exchanges I use, What have not seen until recently. I am afraid there is possibility of compromise if such error persist. Anything is possible with hacking in this space and we may not know the possibility until it happen. The google authenticator don't see much upgrade like other app, it might not be necessary if we are well protected .

██▄                      ▄██
▀███▄                  ▄███▀
  ▀███▄              ▄███▀
██▄ ▀███▄          ▄███▀
▀███▄ ▀███▄      ▄███▀
  ▀██   ▀██    ▄███▀
             ▄███▀
             ▀███▄
        ▄██    ▀███▄
      ▄███▀      ▀███▄
    ▄███▀          ▀███▄
  ▄███▀              ▀███▄
▄███▀                  ▀███▄
██▀                      ▀██

X.C.A.R.DTM
.SEND AND RECEIVE MONEY.
.INSTANTLY, WITH NO........
.HIDDEN COSTS............

▄████████████████████████████████████▄
██▀                                ▀██
██  ▄▄▄▄▄▄  ▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄   ██
██                     █        █   ██
██  ▀ ▀▀▀ ▀▀ ▀▀▀ ▀▀    █        █   ██
██                     █▄▄▄▄▄▄▄▄█   █▀
██
██
██  ▄▄▄▄▄▄  ▄▄▄▄▄▄  ▄▄▄▄▄▄  ▄▄▄▄▄▄  ██
██  █    █  █    █  █    █  █    █  ██
██  █▄▄▄▄█  █▄▄▄▄█  █▄▄▄▄█  █▄▄▄▄█  ██
██▄                                ▄██
▀████████████████████████████████████▀
.SPEND ANYWHERE,....
.ANY CRYPTOCURRENCY,.
.ANY PAYMENT CARD....

████
██
██
██
██
██
██
██
██
██
██
██
██
████

IEO
Q4 2019

████
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
████

▄▄████████▄▄
▄████████████████▄
▄████████████████████▄
███████████████▀▀  █████
████████████▀▀      ██████
▐████████▀▀   ▄▄     ██████▌
▐████▀▀    ▄█▀▀     ███████▌
▐████████ █▀        ███████▌
████████ █ ▄███▄   ███████
████████████████▄▄██████
▀████████████████████▀
▀████████████████▀
▀▀████████▀▀


▄██████████████████▄
██▀              ▀██
██                ██
██                ██
██    ▄▄▄▄▄▄▄▄    ██
██    ▀▀▀▀▀▀▀▀    ██
██   ▄▄▄▄▄▄▄▄▄▄   ██
██   ▀▀▀▀▀▀▀▀▀▀   ██
██
██
██                ██
██▄              ▄██
▀██████████████████▀
.
WP
▀ ▀▀▀



Legendary / Hero Member

██▄                      ▄██
▀███▄                  ▄███▀
  ▀███▄              ▄███
leea-1334
Sr. Member
****
Offline Offline

Activity: 854
Merit: 269


YOLOdice.com - Dice for the Daring


View Profile WWW
July 30, 2019, 02:58:12 PM
 #19

Looked good until the moment I saw that it costs you something to broadcast the transaction. So a crypto based plainly on 2FA? I think it is fine. There are other simple scripts out there you can use that just work fine for 2FA, you do not need to have another crypto just to do this.

stomachgrowls
Hero Member
*****
Online Online

Activity: 1162
Merit: 546


Crypto-Games.net: Multiple coins, multiple games


View Profile
July 30, 2019, 05:26:00 PM
 #20

There is a way hackers can compromise your 2FA with a virus.
One example for Android phones is Anubis Trojan Virus.
Virus Anubis renders 2FA void via a man-in-the-middle-atack.
It is targeting crypto exchanges

Read more in this articles:
https://blog.zerononcense.com/2019/07/27/anubis-virus-major-android-virus-attacking-bitfinex-binance-exchange-apps-and-others-pt-1/
https://www.zdnet.com/article/anubis-android-banking-malware-returns-with-a-bang/
Adding up some links about that Anubis Trojan.

https://www.bleepingcomputer.com/news/security/anubis-android-trojan-spotted-with-almost-functional-ransomware-module/

Android system cant be affected with Virus but only with malware and even application permission.


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!