Pages:
Author

Topic: Electrum 2FA - page 2. (Read 381 times)

legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
December 13, 2020, 11:58:14 AM
#5
I don't remember what TrustedCoin charges, but if you use your wallet a lot the fees might add up to the cost of a Ledger Nano or another affordable hardware wallet.
You can choose to either pay 0.001btc for a set of 20 transactions (0.00005 per tx) or 0.0025btc for 100 transactions (0.000025 per tx).
A Ledger Nano costs 59$ or around 0.003btc. So, it would be better to buy a hw if you are going to make more than 100 txs.

If someone has a second device to run the authenticator software, why don't he use it to create a 2 of 2 multisig wallet and save a lot of fees?!
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
December 13, 2020, 11:48:14 AM
#4
Does other kinds of seed phrase allow a third party to see the seeds?

If you allow Electrum to generate the seed phrase, you can see it by selecting "Wallet" from the menu, then clicking on "Seed."  You still need the password to display the seed phrase.  If you "restore" a wallet from a Bip39 seed phrase, that option will not be available. 
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 13, 2020, 11:40:54 AM
#3
I'm not a fan.  The idea of trusting a third party to sign my transactions seems to go against everything I've learned about crypto.
To be fair, I think they did think it through and they structured it such that you don't need the signature of TrustedCoin for the transaction to be valid because you hold 2 keys and the multisig is 2 of 3.

But, if we're only talking about desktop wallets there are plenty of security measures you can take that will mitigate your risk without TrustedCoin.  For example; using only bip39 seeds with your Electrum wallet will prevent someone who accesses your computer from seeing your seed phrase.  If you absent-mindedly walk away from your computer with your wallet open, an attacker would still need your wallet password to sign a transaction.
Agreed. I suppose using HW wallets would mitigate this risk completely in the first place. And with hot wallets, a password would be sufficient. Does other kinds of seed phrase allow a third party to see the seeds?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
December 13, 2020, 10:56:50 AM
#2
Does the 2FA in Electrum provide a false sense of security to the user or is there an actual use case that would justify the fees that TrustedCoin receives for their service?

I'm not a fan.  The idea of trusting a third party to sign my transactions seems to go against everything I've learned about crypto.

The fees alone are enough reason to consider other options.  I don't remember what TrustedCoin charges, but if you use your wallet a lot the fees might add up to the cost of a Ledger Nano or another affordable hardware wallet.

But, if we're only talking about desktop wallets there are plenty of security measures you can take that will mitigate your risk without TrustedCoin.  For example; using only bip39 seeds with your Electrum wallet will prevent someone who accesses your computer from seeing your seed phrase.  If you absent-mindedly walk away from your computer with your wallet open, an attacker would still need your wallet password to sign a transaction.

I agree that TrustedCoin would only help if your passwords get compromised after setting up the wallet. 
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 13, 2020, 10:37:42 AM
#1
This is not a topic about how to do 2FA, how it works etc etc. I'm talking about the efficacy of 2FA with TrustedCoin in preventing users' funds from getting compromised by a malicious party.

As a starter, 2FA by TrustedCoin incurs extra fees through both the larger TX size as well as their fees to be charged for the transactions signed by them. The benefits of TrustedCoin, however isn't exactly clear. On one hand, it would prevent attacks if the attacker is in control of the system for short periods of time and if the attacker doesn't install malware on it's computer. If the computer gets compromised by malware, the OTP that could be captured can be used to get TrustedCoin to sign an alternate transaction. It seems feasible in theory but I've yet to see anyone done it.

In addition, if the malware existed since the creation of the wallet, the 2FA would be totally useless. Does the 2FA in Electrum provide a false sense of security to the user or is there an actual use case that would justify the fees that TrustedCoin receives for their service?


Just some thoughts since Electrum's docs specifically mentions
Quote
adding another level of security in the event of your computer being compromised
. And a lot of newbies has been using 2FA and having quite some trouble with it as well.
Pages:
Jump to: