2FA confusion

[Z390]

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication? Or this 2FA auth is already imprinted into the recovery seed as well?.

[1715034859]

1715034859

[1715034859]

1715034859

[1715034859]

1715034859

[OmegaStarScream]

Yes, you can always recover a 2FA wallet using your seed only. See here:

Even if TrustedCoin is compromised or taken offline, your coins are secure as long as you still have the seed of your wallet. Your seed contains two master private keys in a 2-of-3 security scheme. In addition, the third master public key can be derived from your seed, ensuring that your wallet addresses can be restored

2FA wallets are not really worth it anyway, especially if you're planning to spend on a regular basis.

[Upgrade00]

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication?

It essentially does. Seedphrase serves as a fail safe system which you can use to recover your address should you lose other modes of access. Reason why it would be kept secure and possibly duplicated in different locations.

2FA serves more as a means to prevent breaches through your device and is not much recommended cause it involves a bit of centralization

[Charles-Tim]

Check this thread that was created today: 2FA on crypto wallet exists?

[Marvelman]

Yes, recovery (backup) seed phrase is the alpha and omega of every crypto wallet. It is the genesis point where all other private/public key pairs originated. 2FA is just an additional layer of protection on top of that.

[Maus0728]

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication? Or this 2FA auth is already imprinted into the recovery seed as well?.

Well basically Recovery Seed is your key, a fail safe system indeed as said by Upgrade00. And 2FA is just another set of security which doesn't really rely on your seed phrase.

To understand it more, here's a basic interpretation:

• 2FAs are only used for another set of security upon account LOGINs. You can use tons of external applications to use as your 2FA but having it WOULD NOT recover your account.
• RECOVERY SEEDs, on the other hand, is used as a security upon IMPORTING or RECOVERING your account. There's no application that could breach your Recovery Seed (unless you've stored it electronically and without better security)

Hence, they both have their different use. Recovery seed doesn't neutralizing 2FA, but rather making it safer for your account that the 2FA cannot provide.

[Charles-Tim]

Well basically Recovery Seed is your key

No

I do not really understand what you meant by this, but to avoid misunderstanding and confusion, seed phrase are coin recovery words which generate keys. Seed phrase is not the keys, but it generate the keys while the keys generate the addresses.

2FAs are only used for another set of security upon account LOGINs.

2FA are commonly used for custodial wallets and exchanges but it can also be used for noncustododial wallet like the 2FA required by TrustedCoin to sign transaction from 2FA Electrum wallet which is 2-of-3 multisig in which 2 keys are required for signing transaction, 1 key for transaction will be provided by TrsutedCoin and the other key from the wallet the transaction are made from.

Recovery seed doesn't neutralizing 2FA, but rather making it safer for your account that the 2FA cannot provide

It is even not to be compared than just indicating the difference because both are entirely different. Seed phrase generates and regenerates (recovery) keys and addresses and used in wallet recovery while 2FA are just addition layer of security.

[logfiles]

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication? Or this 2FA auth is already imprinted into the recovery seed as well?.

It depends on the type of wallet.

Web wallets that are custodial can provide you with a 2FA option to secure your account, but not the seeds to your account.

Most noncustodial wallet do not offer 2FA to secure the account. I think it's only electrum that I remember that has the 2FA option, but if someone accesses your seeds, they can still spend your bitcoins.

[nc50lc]

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication?

Is this about Electrum's 2FA?
Because I can't find any topic about 2fa wallet with a seed phrase in your post history and you didn't tell from which 2fa wallet is this about.

If it's Electrum: the 2fa is there to protect the "wallet file", which is in a PC/Phone, which is an online vulnerable environment.
The wallet file doesn't contain the seed phrase or your second master prvKey so it's useless on its own without the 2fa authenticator if accessed by hackers with the correct password.
In this case, a non-2fa electrum wallet would have been hacked already.

The seed on the other hand is air-gap, in a safe offline environment, so the only way to compromise it is to have physical access to it.

[tranthidung]

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication? Or this 2FA auth is already imprinted into the recovery seed as well?.

Mnemonic seed is vital to protect your coin, not 2FA. With seed, you can recover your wallet on other devices even with other wallets as long as they are compatible with the original wallet you use.

2FA on Electrum wallet, for example has a minus point that you will have to pay addition fee for each of your transactions to TrustedCoin which is unnecessary in my opinion.

[Pterosaur]

Using 2FA Authentication on your crypto wallet is like inviting centralized security into your decentralized wallet, I definitely do not like this idea and I guess thats why many crypto wallets don't have 2FA on them, any wallet that has 2FA security should be ignored.

[libert19]

It does but as the name says it's 2fa - two factor authentication, if someone were to get into your wallet they won't be able to transact unless they have 2fa code. Of course having seed neutralises it and that's why it's supposed to be kept private, 2fa serves different purpose.

[hosseinimr93]

isn't having access to recovery seed neutralised the power of 2FA Authentication?

Yes, Anyone who has access to your seed phrase can spend your bitcoin without your permission and without any need to the 2FA code. As mentioned by nc50lc, that's why you should create the seed phrase on an airgapped device.
As you need to be online for registering on trustedoin, you should be careful that your seed phrase always stays offline. Otherwise, you almost defeat the purpose of the 2FA wallet.

For creating a secure 2FA wallet in electrum
1. Create the wallet on an air-gapped device.
2. Move the wallet file to an online computer.
3. Open the wallet file and Register on trustedcoin.

[BitKongy]

Forget about 2FA as this belongs to centralized projects anyway, you can only see 2FA on wallets like coinbase wallet and xapo wallet where private keys and recovery seed are kept by the dev not by the users, a good open source wallet will never have 2FA security.

[Oshosondy]

Forget about 2FA as this belongs to centralized projects anyway, you can only see 2FA on wallets like coinbase wallet and xapo wallet where private keys and recovery seed are kept by the dev not by the users

2FA do not belong to a centralized project, you can use a hardware authenticator or use an app like Aegis which is open source, a wallet can be centralized like Coinbase.com or exchange like Binance, but 2FA should not be referred to as centralized because it is used to protect accounts on a centralized wallet, it can also be used on a noncustodial wallet also for protection, but mostly all noncustodial wallet see it not necessary.

a good open source wallet will never have 2FA security.

If you can read what others have post on this thread, you can noticed that electrum can use 2FA, but this is optional, the fee can not make me use it, but it can further protect you from hackers. Electrum is an open source wallet and one of the best know bitcoin open source wallet.

[5W-KILO]

Forget about 2FA as this belongs to centralized projects anyway, you can only see 2FA on wallets like coinbase wallet and xapo wallet where private keys and recovery seed are kept by the dev not by the users

2FA do not belong to a centralized project, you can use a hardware authenticator or use an app like Aegis which is open source, a wallet can be centralized like Coinbase.com or exchange like Binance, but 2FA should not be referred to as centralized because it is used to protect accounts on a centralized wallet, it can also be used on a noncustodial wallet also for protection, but mostly all noncustodial wallet see it not necessary.

a good open source wallet will never have 2FA security.

If you can read what others have post on this thread, you can noticed that electrum can use 2FA, but this is optional, the fee can not make me use it, but it can further protect you from hackers. Electrum is an open source wallet and one of the best know bitcoin open source wallet.

Google Authentication 2FA belongs to Google, thats a good example of a centralized entity mate, I guess that's why we don't see much 2FA on many crypto wallets this days, I do wish we can use 2FA on trust wallet, its way secured than using fingerprint locks and pin lock.

[hosseinimr93]

Google Authentication 2FA belongs to Google, thats a good example of a centralized entity mate,

The 2FA code is generated using a known algorithm. It's not that you always rely on google for getting 2FA code. You can get the correct code, even if you are not connected to the internet.
You can also use other 2FA applications like Aegis and get the same code.

We don't have 2FA on non-custodial wallets, because these kind of wallets contain your private keys and your private key is all you need to make a transaction. This makes 2FA useless. Anyone who has access to your private key can have access to your fund and make transaction without your permission. In other words, 2FA can't protect your private key.

[Oshosondy]

We don't have 2FA on non-custodial wallets, because these kind of wallets contain your private keys and your private key is all you need to make a transaction. This makes 2FA useless. Anyone who has access to your private key can have access to your fund and make transaction without your permission. In other words, 2FA can't protect your private key.

It is not necessary to have 2fa on noncustodial wallet but it can be helpful and give some level of protection, if you have your seed phrase protected, your coins are safe, that is true. But online wallets save the seed phrase on wallet and can be seen through malware, some people can be careless, install malware in a way the malware can steal the seed phrase on their web, mobile or desktop wallet. If 2FA is used like on electrum, the seed phrase can not be found which is still another protection.

[tranthidung]

But online wallets save the seed phrase on wallet and can be seen through malware, some people can be careless, install malware in a way the malware can steal the seed phrase on their web, mobile or desktop wallet. If 2FA is used like on electrum, the seed phrase can not be found which is still another protection.

Your explanation is inaccurate.

2FA provides protection through co-signing outgoing transactions. It protects your Bitcoin in case your compute is compromised but hackers have yet gotten full access to your seed because with seed, they will be able to import it and change from 2FA wallet to normal (non-2FA) wallet and will able to sign outgoing transaction without co-sign from remote server by Trusted Coin.

• Trustedcoin's FAQ on Electrum 2FA wallet
• Electrum wallet - 2 factor authentication

[nakamura12]

Having 2FA on the wallet provider you use for example Electrum then your wallet have extra or additional security or protection but you can still import it in other wallet provider like TrustWallet using the Seed phrase and you don't need the 2FA OTP even if you set up a 2FA in Electrum. Anyway, those wallet provider I used is for example only. There was a Site I visited before which is an exchange site (non-custodial) and as expected, I wasn't able to write or copy seed phrase or private key from the site to keep my wallet safe. My account there is safe since I need to provide 2FA OTP before I can access my account and do transactions but 2FA can be hacked. Many non-custodial wallet doesn't have 2FA but some are possible to add Passcode but that is only for from that site or wallet app like TrustWallet.