Author

Topic: Is it possible to make decentralized 2-factor authentication? (Read 2180 times)

brand new
Activity: 0
Merit: 0
Yes it is possible and it is implemented already in ZelCore platform. ZelID system is using blockchain to store, edit and fetch PIN eliminating need for 3rd party. More info: https://zelid.io/
newbie
Activity: 7
Merit: 0
2 factor authentication is very nice to have..  is it possible to do it in a decentralized way without trusting anyone else with the key being sent to you?

Ideally so you can in some way log in and recover your private key within a decentralized storage system or something like that.

Yes Offcource!

Most of us probably use 2FA for our bank account transfers or even for email (e.g. Gmail). Most common methods are one-time-passwords (generated by an application or a hardware token) or SMS messages with secret codes. Why not use smart contracts for that?

Smart contracts may receive (along with Ether and tokens) data from an account that are in hand of users (or computers), so we may use Blockchain as an authentication channel. In order to send data to a smart contract, the caller (a person or a computer) has to be associated with an Ethereum account and use this account’s private key (PK). Data are kept on the Blockchain and might be read by everybody. Security of this authentication channel depends mainly on keeping private key secret. However, I assume, that most Ethereum users are aware of fact that PK is something that should be protected.

If you are Looking for a blockchain development company who can implement it, then you can contact

LeewayHertz - Best Blockchain Development Company

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
2 factor authentication is very nice to have..  is it possible to do it in a decentralized way without trusting anyone else with the key being sent to you?

Ideally so you can in some way log in and recover your private key within a decentralized storage system or something like that.

You'd have to have it encrypted if it was decentralized.  So then you could use a secondary private key to decrypt your primary private key...lol. Kind of circular logic.  

If you want to be able to recover information , some kind of multisig is the best way I think.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Two factor authentication systems rely on a shared secret.  I can't see how that could be done security in an anonymous decentralized network.

An encrypted file can't be accessed without the decryption key.  You could give the file to unauthorized users and the contents of the file would still be secure (to the limit of the strength of the algorithm and key).  There is no way to "bypass" this.  Math protects the contents of the file.  2FA on the other hand is just an authentication mechanism it can be bypassed.  Take blockchain.info as an example, if an attacker (or employee) gained access to the server they could simply download the wallet files.  They would still be protected by the password (key) but there would be no need to defeat the 2FA.  2FA relies on trust, it relies on the gatekeeper limiting access.  In a decentralized system the attack is also the gatekeeper and they could simply ignore that trust.
hero member
Activity: 527
Merit: 503
2 factor authentication is very nice to have..  is it possible to do it in a decentralized way without trusting anyone else with the key being sent to you?

Ideally so you can in some way log in and recover your private key within a decentralized storage system or something like that.
Jump to: