Author

Topic: Bitcoin wallet security (Read 759 times)

full member
Activity: 154
Merit: 100
October 17, 2013, 04:27:34 PM
#3
Trezor looks great at first glance. Haven't read anything about it yet though, but thanks for the link.
staff
Activity: 4284
Merit: 8808
October 17, 2013, 04:17:52 PM
#2
he and I can still log in to our bank accounts from his computer without anyone stealing our passwords.. it's a new one time code every time, generated by the physical authenticator.
These sorts of things generally only work in the model where there is some central party to validate the authenticator response (and said central authority has the freedom to steal all your funds without the token), they also don't protect against more sophisticated malware that waits for you to log in and then takes over. (And I've heard reports of this kind of thing being used against mtgox, for example: You think you're yubikey authorizing a withdraw to address A but it's really swapped out the form with address B).

Hardware wallets like Trezor will largely fix this (https://bitcointalksearch.org/topic/eshop-launched-trezor-bitcoin-hardware-wallet-122438).
full member
Activity: 154
Merit: 100
October 17, 2013, 03:46:04 PM
#1
The one thing that makes me a bit wary of installing bitcoin on my father's computer is security. He doesn't know squat about how to keep his PC secure, and no doubt has loads of malware on it. Me and him use the same bank, and I love that they require you to use a physical authenticator with a bank ID card in it. That way, even if someone is keylogging my dad's computer - he and I can still log in to our bank accounts from his computer without anyone stealing our passwords.. it's a new one time code every time, generated by the physical authenticator.

Blizzard entertainment (the company behind World of Warcraft) has something similar.. they also have a mobile authenticator app that you can install on your smartphone for extra security. I would love to see something like that for bitcoin, if there isn't already something like it and I just missed it.

Our bank also requires you to use the authenticator for confirming transactions.
Jump to: