Less private but perhaps secure HOT wallet

[DaveF]

Just more of a thought experiment. Would people be willing to have a nominally more secure hot wallet that is less private?
Starting with: A wallet on your phone or PC is not secure, we all accept that.
Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

Kind of like it only sends it's transactions through a certain set of servers, and after you create and transmit the transaction you have to then do a quick login and approve.

Just talking about some things with some people the other day and the subject came up of more secure then hot, but don't want to deal with a hardware wallet / multisig / anything like that.

-Dave

[1715120584]

1715120584

[1715120584]

1715120584

[1715120584]

1715120584

[o_e_l_e_o]

Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

This already exists by using Electrum's 2FA via TrustedCoin. However, having both the wallet and the 2FA app on the same device is meaningless, as explained below.

Kind of like it only sends it's transactions through a certain set of servers, and after you create and transmit the transaction you have to then do a quick login and approve.

If someone can compromise the wallet on your phone, then they will almost certainly also be able to compromise your login details for a website you access via your phone (which, to be honest, 99% of users would simply save in their browser's built in password manager anyway), or your 2FA app.

I don't see how you can make a hot wallet on a phone any more secure without requiring a second physical device, be that another phone for multi-sig, a hardware wallet, or even a hardware YubiKey or similar for 2FA. Any 2FA using the same phone as the wallet itself, be that a code, a login, a second wallet, receive an email, etc., adds almost zero additional security.

[DaveF]

Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

This already exists by using Electrum's 2FA via TrustedCoin. However, having both the wallet and the 2FA app on the same device is meaningless, as explained below.

Kind of like it only sends it's transactions through a certain set of servers, and after you create and transmit the transaction you have to then do a quick login and approve.

If someone can compromise the wallet on your phone, then they will almost certainly also be able to compromise your login details for a website you access via your phone (which, to be honest, 99% of users would simply save in their browser's built in password manager anyway), or your 2FA app.

I don't see how you can make a hot wallet on a phone any more secure without requiring a second physical device, be that another phone for multi-sig, a hardware wallet, or even a hardware YubiKey or similar for 2FA. Any 2FA using the same phone as the wallet itself, be that a code, a login, a second wallet, receive an email, etc., adds almost zero additional security.

We were discussing the possibility of a wallet app that would not let you save the login / password. So every time you wanted to send you would have to enter it. There are a lot of security apps out there that generate an onscreen keyboard that you have to use to enter the information so keyloggers would be pointless.

I don't know if there is a way to do it really securely, but was wondering what everyone else thought.

Personally, I treat my hot wallet like cash. It's risky to carry a lot around, but still nice to have it with you if you need it.

-Dave

[o_e_l_e_o]

We were discussing the possibility of a wallet app that would not let you save the login / password.

Do most mobile wallet apps not already do this and require unlocking via a password or PIN (or biometric, but those are notoriously insecure and shouldn't be used)? And most people have some sort of locking mechanism on their phone. So for someone to access your wallet they must first bypass/crack/know your master phone security lock and then bypass/crack/know your wallet security lock as well. Which is why I made my point above - if someone can already do this to access the wallet app, then presumably they can also do it for any 2FA setup using the same device.

Personally, I treat my hot wallet like cash. It's risky to carry a lot around, but still nice to have it with you if you need it.

This is the right answer. If you would carry x amount of bitcoin in cash in your pocket, then store that in a hot wallet. If you wouldn't, then store it somewhere safer.

[n0nce]

Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

This already exists by using Electrum's 2FA via TrustedCoin. However, having both the wallet and the 2FA app on the same device is meaningless, as explained below.

I guess it could still be useful when the hot wallet is installed on a laptop and the phone is used for 2FA. It's unlikely to lose both devices at the same time, right.
Then again, you could also just do regular 2-of-2 multisig.

[o_e_l_e_o]

I guess it could still be useful when the hot wallet is installed on a laptop and the phone is used for 2FA. It's unlikely to lose both devices at the same time, right.

Yes, definitely beneficial in that case, or any case in which the wallet and the 2FA app are on separate devices. As I've said many times before in various threads, the whole point of a 2FA set up is that it is a second factor that is required to authenticate you, your transaction, your account, whatever. If both wallet and 2FA can be compromised by compromising a single device, then it isn't a second factor at all - it is the same factor.

A similar case is when people receive a confirmation email or an email with a code in it to the same email address they have used to register the account in question in the first place. That is not 2FA at all, as if an attacker compromises the email address - a single factor - then they can reset the password and receive any 2FA code.

Then again, you could also just do regular 2-of-2 multisig.

I think this is far preferable to paying excess fees and sacrificing privacy to use TrustedCoin. Marginally more complicated to set up and use, but worth it for the benefits.

[witcher_sense]

Yes, definitely beneficial in that case, or any case in which the wallet and the 2FA app are on separate devices. As I've said many times before in various threads, the whole point of a 2FA set up is that it is a second factor that is required to authenticate you, your transaction, your account, whatever. If both wallet and 2FA can be compromised by compromising a single device, then it isn't a second factor at all - it is the same factor.

Compromising one factor doesn't necessarily lead to compromising the other factor, even if both factors rely on a single device. For example, you can duplicate fingerprints and access someone's mobile phone with installed bitcoin wallets, but that doesn't automatically mean that you can guess a password to an authentication application or that you can break the system and extract all sensitive information. Even if you succeeded in extracting this data, it still remains encrypted with the algorithm that will take years to break. Two-factor authentication is about different forms of identification, not necessarily about different types of devices: I can use my fingerprint as a first factor and a strong password as a second factor. Both these factors will be used to create a separate layer of security (specifically, encryption), which means both layers need to be broken for data compromise. Whether these layers are on a single device or on multiple devices doesn't really matter, because it always will depend on who you are trying to protect yourself from. Skilled hackers or intelligence agencies will find a way to hack all your devices, but not all people are being chased by those.

[n0nce]

Compromising one factor doesn't necessarily lead to compromising the other factor, even if both factors rely on a single device.
[...]
Two-factor authentication is about different forms of identification, not necessarily about different types of devices: I can use my fingerprint as a first factor and a strong password as a second factor.

At that point, the fingerprint and password scan could just be implemented in the same app, though. I believe some banking apps already offer to use biometrics + password.
That's still not 2 factors, though.

I mean, we're getting into semantics now; sure, there may be cases where someone steals your phone with the wallet software on it and has a copy of your fingerprint, but no idea about the password.
But there are also scenarios where compromising the device means compromising both factors, e.g. if the password is stored in your password manager, which is unlockable with your fingerprint.

I wouldn't bet on users correctly using 2 factors on the same device and instead just enforce the 2FA application to be on a different device than the wallet software.

[Welsh]

I mean, we're getting into semantics now; sure, there may be cases where someone steals your phone with the wallet software on it and has a copy of your fingerprint, but no idea about the password.
But there are also scenarios where compromising the device means compromising both factors, e.g. if the password is stored in your password manager, which is unlockable with your fingerprint.

I personally like to take physical security as serious as I would with encryption or digital security. So, if my device was compromised physically, I'd automatically assume that everything on it is compromised, even though in the majority of cases this wouldn't be the case. However, I like to have contingency plans so if this ever did happen, I'd be able to either wiping it from a distance, change the credentials or move the funds if it's Bitcoin.

Physical security in my opinion is one of the easiest options anyhow. Fingerprints aren't secure absolutely aren't, there's just too many ways of obtaining fingerprints which you might not be aware of at the time. Even with a password plus a fingerprint, I feel like the fingerprint additional step is just trivial rather than adding any meaningful protection. Obviously, it would protect you from distance attacks, but for physical attacks or by someone who's in close proximity of you, it's rather trivial.

[BlackHatCoiner]

I think we need to draw a line between security that comes with responsibility, and security that comes with irresponsibility.

If you don't want to be responsible for your funds' custody, then you can only achieve very questionable security. For example, shared custody with a third party involves both yours and their risk, but shared. If you don't feel confident with this either, you can hand over your custody to that one third party. That's your best course if you consider yourself very clumsy and uncertain. Perhaps do some search for someone who's reputable enough to handle your funds; don't just pick randomly. You should also make sure both you and the third party acknowledge that it's likely for your device(s) to be compromised, and introduce more reputable third parties (such as email, SMS etc.) each time you make a transaction. 

On the other hand, if you feel you can handle this yourself, and believe you're more capable of managing that money than anyone, then you need to behave securely in another manner. Namely, to take care of your system, verify what's about to be installed, use reputable open-source software, and the like.

Starting with: A wallet on your phone or PC is not secure, we all accept that.

Depends. I consider both my computer and my mobile phone secure enough to handle a few satoshis. I consider both of these options much better than a sense of questionable security a third party can provide me.

[andulolika]

Remembers me of the bank model of a couple hundred years back where bank would pay to get you robbed so you use their bank, feels similar enough but with privacy at stake.
I think tiny spendable wallets are way to go, satori chips were inspirative back in the day when they launched, relying on internet is becoming disgusting.

[o_e_l_e_o]

Two-factor authentication is about different forms of identification, not necessarily about different types of devices: I can use my fingerprint as a first factor and a strong password as a second factor.

I disagree. With this definition, then any mobile wallet is already using 2FA, since you must first unlock the phone with one PIN/password, and then unlock the wallet app with a second PIN/password. I would not call this two factors, just as I don't call my encrypted wallet files stored on a hard disk which is also encrypted two factors, despite needing two different decryption keys to access the wallets.

2FA isn't just two different passwords. In it's most basic form, it should be something you know (a password or login) and something you have (ideally a hardware key, but more usually a software key in the form of a TOTP from another electronic device, usually a phone). These must be separate or they aren't two factors; they are just a more complex single factor. Of course more passwords and more layers will add security, but it will never be two factors as long as all those layers are on the same device.

If an attacker can both physically access your phone and has been able to hack/crack/steal/observe or otherwise gain knowledge of one password, then it is highly likely your second password is also at high risk of compromise. hence the reason the two factors must be separate or they aren't two factors at all.

[BlackHatCoiner]

[...]

Correct. Logging into an online service sometimes does require 2FA from the same device, though. For example, logging into Discord from mobile requires me to enter an SMS I'm about to receive. Whoever compromises my phone can access my Discord (assuming they already know my password), so it's 1 factor over all. That's poor security.

2FA should be 2 factors that are not correlated with each other. In my case, it's the SD card (which is used for the SMS) and the password, both of which are known by someone who steals my mobile.


By the same reasoning, multi-sig is also 2FA. In fact, it's n-FA.

[PowerGlove]

[This is about 2FA in general, not about 2FA as it pertains to wallets]

I've seen a few posts in this thread (and others) pointing out that 2FA can only do 100% of its job if it's implemented correctly (i.e. uncorrelated factors on fully separate devices). That's true, but I think it's worth pointing out that there are still important security benefits, even when it's done "wrong" (i.e. both factors, like your password manager and authenticator app, on a single device).

Like witcher_sense said above, just because you can compromise a device in one way, it doesn't necessarily follow that you can compromise it in other ways. Certain kinds of malware may be able to get to your password (keyloggers, clipboard sniffers, etc.) without ever being able to compromise your second factor, even if it's on the same device.

Also, some attack vectors don't rely on compromising your device at all (like phishing), and in those cases 2FA is a game changer, even in its "bad" form.

Full-strength 2FA is laudable and should be the goal, but even weak 2FA is beneficial and worth having.

[Welsh]

[This is about 2FA in general, not about 2FA as it pertains to wallets]

I've seen a few posts in this thread (and others) pointing out that 2FA can only do 100% of its job if it's implemented correctly (i.e. uncorrelated factors on fully separate devices). That's true, but I think it's worth pointing out that there are still important security benefits, even when it's done "wrong" (i.e. both factors, like your password manager and authenticator app, on a single device).

Like witcher_sense said above, just because you can compromise a device in one way, it doesn't necessarily follow that you can compromise it in other ways. Certain kinds of malware may be able to get to your password (keyloggers, clipboard sniffers, etc.) without ever being able to compromise your second factor, even if it's on the same device.

Also, some attack vectors don't rely on compromising your device at all (like phishing), and in those cases 2FA is a game changer, even in its "bad" form.

Full-strength 2FA is laudable and should be the goal, but even weak 2FA is beneficial and worth having.

Right, but when it comes to wallets, and basically being responsible for your own money. It's only recommendable to do your upmost when it comes to securing your funds, and therefore half arsing a two factor authentication (2FA) doesn't really cut it. Every security practice you can put into place has a downside, however it completely depends on your threat model what you deem acceptable risk, and what you don't deem acceptable risk. Personally, a lot of the traditional two factor authentications are half arsed, and wouldn't cut it for me.

I'd say that weak 2FA is only acceptable if A) you know the risks, and accept them B) It's a temporary measure until you can implement better security. I'm a firm believer that security shouldn't be compromised on unless the drawbacks are much, much higher than the benefits. For example, security should only be compromised for convenience, however if you compromise too much, you no longer have security. If you don't have enough convenience it's likely to cause you problems, i.e having a key file stored 100 miles away from you, in a field is probably going to cause more harm than good if you need that to access funds.

[PowerGlove]

@Welsh: Yep, I think we mostly agree with one another, the last line of my previous post said: "Full-strength 2FA is laudable and should be the goal", which lines up with basically everything you're saying.

What I'm pushing back against is the sentiment that 2FA is "worthless" unless it's implemented in its ideal form. Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement. It will thwart certain types of attack that would previously have succeeded.

I get the emotional argument that you should go all the way or not bother at all, but that's not a defensible position, IMO. I know that's not your position, but it's definitely an idea I've run across a few times on this forum.

[Zilon]

[...]

2FA should be 2 factors that are not correlated with each other. In my case, it's the SD card (which is used for the SMS) and the password, both of which are known by someone who steals my mobile.


By the same reasoning, multi-sig is also 2FA. In fact, it's n-FA.

I buy that word not correlated. I was thinking 2FA comprises of a code(password, passphrase, Private key, fingerprint or voice recognition) the device owner knows and a randomly generated code that can only be used once for a specific purpose which could come in the form of ( OTP, TOTP, (multi-sig not used once) etc) . As long as this 2FA are correlated on a single device if the device gets broken into, informations could be compromised not necessarily wallets but other valuable informations which could even grant access to making funny guess about wallet passwords and seed phrase.

2FA's are best if the exist on different devices. Even HTLC and PTLC functions almost similar as 2FA but in a transaction setting where there is a cryptographic proof of payment and why this seems even secure is the cryptographic hash it's based upon

[Synchronice]

2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used. Keep in mind that when you use something frequently, it can be a headache to have to always check another device. Also, there may be emergency cases to use your wallet and you will be in trouble, so hot wallet is hot and cold is cold, hot isn't meant to be as protected as cold.

Imagine, you are using an app and someone probably got your login/password details and tries to log in but you get the message on your smartphone as a second method of verification, more likely you are the only one who has access to it. So, it gets harder for the attacker to achieve the aim.
2FA on a hot wallet, for me, means double security, not supreme security. If you take care of your device, visit only clean websites and know a thing about security, you can relax.

Keep in mind that 2FA can't protect you if some criminal catches you and has control over you and your devices when the power and fear are in action.

The only perfect thing that could protect you would be something that's able to analyze your face, eyes, voice and have a heart-rate scanner (I mean the way smartphones show your heart rate by putting a finger) but instead of putting a finger, it should analyze your fingerprint too. By analyzing, according to face, eyes, voice and heart rate, it should determine whether the owner feels scared, under pressure or relaxed.
I know this sounds like science fiction but I think in the future, something like this will be developed for perfect security of bank accounts, crypto wallets, etc.

[LoyceV]

Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

No. Even if it's private, I don't want any third-party involved. What if they don't allow me to access my funds anymore?

We were discussing the possibility of a wallet app that would not let you save the login / password.

Mycelium doesn't store my PIN, but it's only 6 digits, so it can't be hard to brute-force.

Personally, I treat my hot wallet like cash. It's risky to carry a lot around, but still nice to have it with you if you need it.

I prefer to have different wallets for different purposes. That reduces the risk of hot wallets.

Remembers me of the bank model of a couple hundred years back

How old are you?

[PrimeNumber7]

Kind of like it only sends it's transactions through a certain set of servers, and after you create and transmit the transaction you have to then do a quick login and approve.

I would encourage you to read about the 2016 hack of Bitfinex. I understand that Bitfinex contracted with a third party to act as a “2nd factor” when signing outgoing transactions, while Bitfinex also held a third key that was kept in cold storage. I understand that Bitfinex would craft and sign transactions, and would send the partially signed transactions to the third party via their api, and if the api key (credentials) was valid, the third party would provide the second signature for the transactions (the transactions were from 2 of 3 multi sig addresses). Based on the publicity available facts, it appears that the hacker was able to compromise the server that interacts with the third party, changed the settings to allow for the third party to sign a higher volume of transactions, along with the private keys that are intended to be “hot”.

I don’t think it is possible for an app to prevent the user from automatically entering credentials, and even an on-screen keyboard can be compromised.

I believe the above system was sold by the third party as being as good as cold storage, as it required multiple institutions to sign outgoing transactions. I think “2FA” systems would be sold as something as good as cold storage. I think that even if it wasn’t sold as such, users would implement it as such. I really don’t think the potential for improved security is not there. You can improve security by implementing multi sig. Security will only be improved if multiple devices are used to sign transactions. That’s the only way.

[o_e_l_e_o]

Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement. And compared to using a 3 word seed phrase, using 6 words is technically an improvement. But that still doesn't mean that these examples are secure, worth using, or should be recommended.

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used.

I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.

[n0nce]

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

That's a really good way to put it.

Instead of focusing on 'it is technically better than nothing' (logical privation fallacy), pointing out how with little extra effort (compared to bad 2FA) you gain the main benefit of 2FA.

2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used.

I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.

That's the same approach and logic behind it that I use, too.

[PowerGlove]

Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement.

Yup, I get what you're saying.

I don't think it's a fair comparison, though.

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Whereas, with your example (two passwords), it's pretty much impossible (for me, anyway) to think of any (realistic) attacks that would be prevented by that.

Anyway, I'll give it a rest, because I get the feeling that my posts in this thread are coming off as security advice, which is not my intention.

[o_e_l_e_o]

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot.

This is why I use 2FA frequently on a lot of things, but not on my mobile hot wallet. I don't see it adding any meaningful security.

[PrimeNumber7]

Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement.

Yup, I get what you're saying.

I don't think it's a fair comparison, though.

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Whereas, with your example (two passwords), it's pretty much impossible (for me, anyway) to think of any (realistic) attacks that would be prevented by that.

Anyway, I'll give it a rest, because I get the feeling that my posts in this thread are coming off as security advice, which is not my intention.

In general, it is best to use a password manager. Doing so allows you to use truly random passwords (that are unique to each other) that you don't have to risk being forgotten.

If someone is able to access your password manager once, it will be trivial for them to access it a second time.

I would argue that using a sufficiently weak 2FA is worse than no 2FA because it will give users a false sense of security that may result in more money being stored on a hot wallet than might be appropriate.

[DaveF]

...$5 wrench...

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Interesting to see where this thread has gone in terms of the discussion.

-Dave

[Fivestar4everMVP]

Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

This already exists by using Electrum's 2FA via TrustedCoin. However, having both the wallet and the 2FA app on the same device is meaningless, as explained below.

I honestly can not agree less with you, when I had all my accounts 2FAed, I had one device then, one day, I began to imagine, what if my phone gets stolen and the thief manages to unlock my phone without performing a factory reset or flashing?
Chrome browser automatically saves all the passwords required to login on my different accounts, 2fa authenticator is installed on the same device - this simply means the thief will easily gain access almost all my accounts....
This imagination is what drove me to buying a second device, this device is like a bank token, I use it to take care of all things 2fa, google 2fa authentication, phone and email authentication all managed on this device.

I personally think those who have their wallet and 2fa app on one device have not come to the realization that their device could be stolen, what they are actually focused on is avoiding Hackers from accessing their accounts or wallets in a situation where a hacker tries to gain access to their account.
But right now, they all should know that their device could be stolen and could find a way of unlocking the device without wiping, flashing or factory resetting the device, this puts them at the risk of loosing all the funds stored on the wallets installed on that device.

[PowerGlove]

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot.

We clearly have different scenarios in mind, which is adding to the confusion, I think. I mean, in that specific scenario, sure, I completely agree with you. You'd have to really stretch to make up a worthwhile justification for adding a 2FA app to the mix.

For other scenarios, I've already laid out some of the attacks that would be defeated by single-device 2FA, earlier in this thread. Like I said in the disclaimer on my first post, I've been talking about 2FA in general this whole time and not only in terms of mobile wallets.

With that in mind, I think we probably already agree with each other.

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

I'm not sure about the "so incredibly easy" part. Some people don't have enough devices for full-strength 2FA. Other people, may have enough devices, but their setup makes it a real hassle to deal with.

Take someone like me, for example. I trust my desktop/laptop much more than I trust my phone. So, setting up multi-device 2FA for me basically amounts to having my TOTP application on my laptop and my password manager on my desktop. Because I use the same application for both tasks (KeePassXC) and I don't want a compromise of one to affect the other, I split my password database into two pieces, one with nothing but TOTP seeds in it and one with nothing but usernames and passwords in it. When I want to check my e-mail, I have to fire my laptop up to get the TOTP. For something as crucial as my main e-mail account, that's worth the hassle. For (some) other things, not so much.

Call me lazy, but for less important accounts, I've taken to putting both the TOTP seeds and the passwords in the same database. This setup is obviously not ideal from a security perspective, but it's much more convenient for me and it still provides some legitimate additional security. Even with this weak 2FA, those accounts are still protected from phishing, keylogging, copy/paste sniffing, etc. Basically any attack that's sophisticated enough to steal my password but not sophisticated enough to break into the KeePassXC database and steal the TOTP seed (which is a much heavier lift, because it's never typed in or copy/pasted anywhere).

Anyway, I don't want to derail DaveF's thread further with 2FA discussion that's not specifically about wallets, so unless he doesn't mind these slightly off-topic asides, I'll be bowing out for now

[LoyceV]

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

I can think of so many potential problems: accidentally entering that password out of habit, an attacker somehow changing the destination address (clipboard malware), not being able to review the transaction before sending, or just being beaten with the wrench until you give access to the destination address.
A much better method is adding different passphrases to the same 24 word seed. It's impossible to prove you're using more than one.

I honestly can not agree less with you, when I had all my accounts 2FAed, I had one device then, one day, I began to imagine, what if my phone gets stolen and the thief manages to unlock my phone without performing a factory reset or flashing?
Chrome browser automatically saves all the passwords required to login on my different accounts, 2fa authenticator is installed on the same device - this simply means the thief will easily gain access almost all my accounts....

My solution is to not do any banking on my phone, use only a small Bitcoin wallet for daily expenses, have a different account for Bitcointalk, and use a different email address. I've disabled as many "restore options" as possible to limit potential attacks and I install as little software as possible.

[o_e_l_e_o]

IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Until they hit you so much you reveal how to access the destination address.

You need something with plausible deniability. Different passphrases as Loyce has pointed out is the usual route to take. To build on your system, I guess you would need some way of making your phone appear like it was infected with malware. Perhaps it broadcasts the attacker's transaction with a very low fee, and then a few seconds later RBFs it to a different address. Or every time they enter their address, it makes it very obvious that the address is being "maliciously" changed to a different one.

Call me lazy, but for less important accounts, I've taken to putting both the TOTP seeds and the passwords in the same database. This setup is obviously not ideal from a security perspective, but it's much more convenient for me and it still provides some legitimate additional security.

This is different. An online account can have its password attacked remotely by anyone anywhere in the world without ever being near the device (physically or electronically) which is storing both the password and the 2FA. While having both password and 2FA on the same device is not optimal, in such a scenario it does still add additional security. This is not the case for a mobile wallet which is being discussed here. An attacker must compromise your device somehow to access your wallet file, in which case everything else on that device is similarly vulnerable to compromise.

[DaveF]

IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Until they hit you so much you reveal how to access the destination address.

You need something with plausible deniability. Different passphrases as Loyce has pointed out is the usual route to take. To build on your system, I guess you would need some way of making your phone appear like it was infected with malware. Perhaps it broadcasts the attacker's transaction with a very low fee, and then a few seconds later RBFs it to a different address. Or every time they enter their address, it makes it very obvious that the address is being "maliciously" changed to a different one.

Either way, it just becomes a question of how you want to setup your OPSEC

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

-Dave

[o_e_l_e_o]

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

But in both cases, how do you convince the attacker to stop hitting you?

You could prove the address sent to is a multi-sig, by either revealing its script or spending from it before so its script can be viewed via any block explorer. But how do you convince the attacker that it is a multi-sig with other people and not just 3 of your own wallets? In the case of the timelocked transaction, how do you convince the attacker that although there has been a timelocked transaction you don't still have the seed phrase/private key to the wallet which created the timelocked transaction and could just create a normal transaction any time you want?

At the end of the day, having a not-that-secure mobile wallet with a small amount of funds is not the worst thing in the world to lose, if by handing it over to an attacker you thereby avoid revealing anything about your main stash.

[DaveF]

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

But in both cases, how do you convince the attacker to stop hitting you?

You could prove the address sent to is a multi-sig, by either revealing its script or spending from it before so its script can be viewed via any block explorer. But how do you convince the attacker that it is a multi-sig with other people and not just 3 of your own wallets? In the case of the timelocked transaction, how do you convince the attacker that although there has been a timelocked transaction you don't still have the seed phrase/private key to the wallet which created the timelocked transaction and could just create a normal transaction any time you want?

At the end of the day, having a not-that-secure mobile wallet with a small amount of funds is not the worst thing in the world to lose, if by handing it over to an attacker you thereby avoid revealing anything about your main stash.

You don't have to. They made a mistake of where they sent the funds. You are sitting there tied up getting hit with a wrench. Either that or your phone is infected, or if there is more then one person, they are stealing from their partners by sending funds that they have access to and not the others. This way at least you have company as they they start getting hit with a wrench.

Or as we keep saying, don't leave a lot of funds on your phone. Since my old phone did a gravity check so I had to get a new one and BTC / crypto is down I would be more worried about not getting my phone back then getting my crypto stolen.

-Dave

[PrimeNumber7]

...$5 wrench...

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

I am not sure how good of an idea it is to implement what you describe. If you are being subjected to a $5 wrench attack, your attacker may not believe you when you say you cannot access the coin anymore after the coin had just moved, so you might be subjected to further physical harm. Also, if the attacker does believe you, they may react negatively when they discover that you just moved your coin to an address you cannot immediately access. (I think the typical "mugger" will say something along the lines of "give me your wallet or I'll shoot")

[o_e_l_e_o]

If you are being subjected to a $5 wrench attack, your attacker may not believe you when you say you cannot access the coin anymore after the coin had just moved, so you might be subjected to further physical harm. Also, if the attacker does believe you, they may react negatively when they discover that you just moved your coin to an address you cannot immediately access. (I think the typical "mugger" will say something along the lines of "give me your wallet or I'll shoot")

I tend to agree. In a $5 wrench situation, then your best way of getting out of that situation alive and minimizing harm is to give the attacker what they want, which is some bitcoin. If they see you own a bunch of bitcoin which then automatically moves to a different wallet or your wallet app self destructs or whatever, then they still know you own that bitcoin and can just hit you until you reveal your back up, the other wallet, whatever. Instead you need to be able to hand over some amount of bitcoin to them while keeping them unaware of your main stash. This means segregated wallets with different devices, seed phrases, passphrases, etc., and it also means good on-chain privacy so there are no obvious blockchain links between your daily wallet you are going to hand over and your larger holdings.