Less private but perhaps secure HOT wallet

[o_e_l_e_o]

Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement. And compared to using a 3 word seed phrase, using 6 words is technically an improvement. But that still doesn't mean that these examples are secure, worth using, or should be recommended.

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used.

I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.

[1714583303]

1714583303

[1714583303]

1714583303

[1714583303]

1714583303

[n0nce]

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

That's a really good way to put it.

Instead of focusing on 'it is technically better than nothing' (logical privation fallacy), pointing out how with little extra effort (compared to bad 2FA) you gain the main benefit of 2FA.

2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used.

I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.

That's the same approach and logic behind it that I use, too.

[PowerGlove]

Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement.

Yup, I get what you're saying.

I don't think it's a fair comparison, though.

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Whereas, with your example (two passwords), it's pretty much impossible (for me, anyway) to think of any (realistic) attacks that would be prevented by that.

Anyway, I'll give it a rest, because I get the feeling that my posts in this thread are coming off as security advice, which is not my intention.

[o_e_l_e_o]

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot.

This is why I use 2FA frequently on a lot of things, but not on my mobile hot wallet. I don't see it adding any meaningful security.

[PrimeNumber7]

Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement.

Yup, I get what you're saying.

I don't think it's a fair comparison, though.

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Whereas, with your example (two passwords), it's pretty much impossible (for me, anyway) to think of any (realistic) attacks that would be prevented by that.

Anyway, I'll give it a rest, because I get the feeling that my posts in this thread are coming off as security advice, which is not my intention.

In general, it is best to use a password manager. Doing so allows you to use truly random passwords (that are unique to each other) that you don't have to risk being forgotten.

If someone is able to access your password manager once, it will be trivial for them to access it a second time.

I would argue that using a sufficiently weak 2FA is worse than no 2FA because it will give users a false sense of security that may result in more money being stored on a hot wallet than might be appropriate.

[DaveF]

...$5 wrench...

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Interesting to see where this thread has gone in terms of the discussion.

-Dave

[Fivestar4everMVP]

Would people want one that has some 2nd form of authentication that could probably be used to identify you, but in the event that the device was compromised not allow funds to be sent.

This already exists by using Electrum's 2FA via TrustedCoin. However, having both the wallet and the 2FA app on the same device is meaningless, as explained below.

I honestly can not agree less with you, when I had all my accounts 2FAed, I had one device then, one day, I began to imagine, what if my phone gets stolen and the thief manages to unlock my phone without performing a factory reset or flashing?
Chrome browser automatically saves all the passwords required to login on my different accounts, 2fa authenticator is installed on the same device - this simply means the thief will easily gain access almost all my accounts....
This imagination is what drove me to buying a second device, this device is like a bank token, I use it to take care of all things 2fa, google 2fa authentication, phone and email authentication all managed on this device.

I personally think those who have their wallet and 2fa app on one device have not come to the realization that their device could be stolen, what they are actually focused on is avoiding Hackers from accessing their accounts or wallets in a situation where a hacker tries to gain access to their account.
But right now, they all should know that their device could be stolen and could find a way of unlocking the device without wiping, flashing or factory resetting the device, this puts them at the risk of loosing all the funds stored on the wallets installed on that device.

[PowerGlove]

I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA.

Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot.

We clearly have different scenarios in mind, which is adding to the confusion, I think. I mean, in that specific scenario, sure, I completely agree with you. You'd have to really stretch to make up a worthwhile justification for adding a 2FA app to the mix.

For other scenarios, I've already laid out some of the attacks that would be defeated by single-device 2FA, earlier in this thread. Like I said in the disclaimer on my first post, I've been talking about 2FA in general this whole time and not only in terms of mobile wallets.

With that in mind, I think we probably already agree with each other.

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

I'm not sure about the "so incredibly easy" part. Some people don't have enough devices for full-strength 2FA. Other people, may have enough devices, but their setup makes it a real hassle to deal with.

Take someone like me, for example. I trust my desktop/laptop much more than I trust my phone. So, setting up multi-device 2FA for me basically amounts to having my TOTP application on my laptop and my password manager on my desktop. Because I use the same application for both tasks (KeePassXC) and I don't want a compromise of one to affect the other, I split my password database into two pieces, one with nothing but TOTP seeds in it and one with nothing but usernames and passwords in it. When I want to check my e-mail, I have to fire my laptop up to get the TOTP. For something as crucial as my main e-mail account, that's worth the hassle. For (some) other things, not so much.

Call me lazy, but for less important accounts, I've taken to putting both the TOTP seeds and the passwords in the same database. This setup is obviously not ideal from a security perspective, but it's much more convenient for me and it still provides some legitimate additional security. Even with this weak 2FA, those accounts are still protected from phishing, keylogging, copy/paste sniffing, etc. Basically any attack that's sophisticated enough to steal my password but not sophisticated enough to break into the KeePassXC database and steal the TOTP seed (which is a much heavier lift, because it's never typed in or copy/pasted anywhere).

Anyway, I don't want to derail DaveF's thread further with 2FA discussion that's not specifically about wallets, so unless he doesn't mind these slightly off-topic asides, I'll be bowing out for now

[LoyceV]

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

I can think of so many potential problems: accidentally entering that password out of habit, an attacker somehow changing the destination address (clipboard malware), not being able to review the transaction before sending, or just being beaten with the wrench until you give access to the destination address.
A much better method is adding different passphrases to the same 24 word seed. It's impossible to prove you're using more than one.

I honestly can not agree less with you, when I had all my accounts 2FAed, I had one device then, one day, I began to imagine, what if my phone gets stolen and the thief manages to unlock my phone without performing a factory reset or flashing?
Chrome browser automatically saves all the passwords required to login on my different accounts, 2fa authenticator is installed on the same device - this simply means the thief will easily gain access almost all my accounts....

My solution is to not do any banking on my phone, use only a small Bitcoin wallet for daily expenses, have a different account for Bitcointalk, and use a different email address. I've disabled as many "restore options" as possible to limit potential attacks and I install as little software as possible.

[o_e_l_e_o]

IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Until they hit you so much you reveal how to access the destination address.

You need something with plausible deniability. Different passphrases as Loyce has pointed out is the usual route to take. To build on your system, I guess you would need some way of making your phone appear like it was infected with malware. Perhaps it broadcasts the attacker's transaction with a very low fee, and then a few seconds later RBFs it to a different address. Or every time they enter their address, it makes it very obvious that the address is being "maliciously" changed to a different one.

Call me lazy, but for less important accounts, I've taken to putting both the TOTP seeds and the passwords in the same database. This setup is obviously not ideal from a security perspective, but it's much more convenient for me and it still provides some legitimate additional security.

This is different. An online account can have its password attacked remotely by anyone anywhere in the world without ever being near the device (physically or electronically) which is storing both the password and the 2FA. While having both password and 2FA on the same device is not optimal, in such a scenario it does still add additional security. This is not the case for a mobile wallet which is being discussed here. An attacker must compromise your device somehow to access your wallet file, in which case everything else on that device is similarly vulnerable to compromise.

[DaveF]

IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

Until they hit you so much you reveal how to access the destination address.

You need something with plausible deniability. Different passphrases as Loyce has pointed out is the usual route to take. To build on your system, I guess you would need some way of making your phone appear like it was infected with malware. Perhaps it broadcasts the attacker's transaction with a very low fee, and then a few seconds later RBFs it to a different address. Or every time they enter their address, it makes it very obvious that the address is being "maliciously" changed to a different one.

Either way, it just becomes a question of how you want to setup your OPSEC

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

-Dave

[o_e_l_e_o]

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

But in both cases, how do you convince the attacker to stop hitting you?

You could prove the address sent to is a multi-sig, by either revealing its script or spending from it before so its script can be viewed via any block explorer. But how do you convince the attacker that it is a multi-sig with other people and not just 3 of your own wallets? In the case of the timelocked transaction, how do you convince the attacker that although there has been a timelocked transaction you don't still have the seed phrase/private key to the wallet which created the timelocked transaction and could just create a normal transaction any time you want?

At the end of the day, having a not-that-secure mobile wallet with a small amount of funds is not the worst thing in the world to lose, if by handing it over to an attacker you thereby avoid revealing anything about your main stash.

[DaveF]

Your way, making it looks like your phone is infected works too. I was thinking of a x of y multisig with enough people involved that it's going to involve a lot of $5 wrenches on people.

The other possibility is having them be sent to a wallet that is always online and waiting for a transaction. That wallet will then send the BTC with a transaction with a timelock. They can keep hitting you with the wrench, it's not going to change time.

But in both cases, how do you convince the attacker to stop hitting you?

You could prove the address sent to is a multi-sig, by either revealing its script or spending from it before so its script can be viewed via any block explorer. But how do you convince the attacker that it is a multi-sig with other people and not just 3 of your own wallets? In the case of the timelocked transaction, how do you convince the attacker that although there has been a timelocked transaction you don't still have the seed phrase/private key to the wallet which created the timelocked transaction and could just create a normal transaction any time you want?

At the end of the day, having a not-that-secure mobile wallet with a small amount of funds is not the worst thing in the world to lose, if by handing it over to an attacker you thereby avoid revealing anything about your main stash.

You don't have to. They made a mistake of where they sent the funds. You are sitting there tied up getting hit with a wrench. Either that or your phone is infected, or if there is more then one person, they are stealing from their partners by sending funds that they have access to and not the others. This way at least you have company as they they start getting hit with a wrench.

Or as we keep saying, don't leave a lot of funds on your phone. Since my old phone did a gravity check so I had to get a new one and BTC / crypto is down I would be more worried about not getting my phone back then getting my crypto stolen.

-Dave

[PrimeNumber7]

...$5 wrench...

I have always thought a good idea for a wallet to get around the $5 wrench is a fully functional dead man switch.

Enter THAT pin / password / use that finger and the wallet unlocks normally. IF ANY transaction is attempted to be sent, all the funds are sent to a per-determined address with a high fee, non RBF. I mean at that point it's only going to get you hit some more with the wrench but at least they don't get the money.

I am not sure how good of an idea it is to implement what you describe. If you are being subjected to a $5 wrench attack, your attacker may not believe you when you say you cannot access the coin anymore after the coin had just moved, so you might be subjected to further physical harm. Also, if the attacker does believe you, they may react negatively when they discover that you just moved your coin to an address you cannot immediately access. (I think the typical "mugger" will say something along the lines of "give me your wallet or I'll shoot")

[o_e_l_e_o]

If you are being subjected to a $5 wrench attack, your attacker may not believe you when you say you cannot access the coin anymore after the coin had just moved, so you might be subjected to further physical harm. Also, if the attacker does believe you, they may react negatively when they discover that you just moved your coin to an address you cannot immediately access. (I think the typical "mugger" will say something along the lines of "give me your wallet or I'll shoot")

I tend to agree. In a $5 wrench situation, then your best way of getting out of that situation alive and minimizing harm is to give the attacker what they want, which is some bitcoin. If they see you own a bunch of bitcoin which then automatically moves to a different wallet or your wallet app self destructs or whatever, then they still know you own that bitcoin and can just hit you until you reveal your back up, the other wallet, whatever. Instead you need to be able to hand over some amount of bitcoin to them while keeping them unaware of your main stash. This means segregated wallets with different devices, seed phrases, passphrases, etc., and it also means good on-chain privacy so there are no obvious blockchain links between your daily wallet you are going to hand over and your larger holdings.