Author

Topic: [OFFICIAL]Bitfinex.com first Bitcoin P2P lending platform for leverage trading - page 116. (Read 723903 times)

member
Activity: 77
Merit: 13
As an example of what I meant, here is a post that someone just sent me...

https://github.com/HFenter/MarginBot

https://bitcointalksearch.org/topic/ann-marginbot-a-bitfinex-margin-lending-management-bot-865250

Here is a bot for the swaps market that prioritizes keeping it active, it doesn't care the rate, it would just prefer that its funds are always in use. With no FRR, this would be the norm. The simple fact remains, that as long as people can get something, rather than nothing, they will probably take it. That being said, I really want to update the FRR, and hopefully it makes it more responsive.

Most lenders will not use that bot, and will instead opt to use whatever on-site autolending facility Bitfinex provides.

That said, if everyone did start using that bot, it would be a great improvement over the FRR. MarginBot places a range of offers, rather than dumping everything at a single rate. You can configure a minimum rate to lend at, as well as an amount of your funds to reserve for lending at higher rates. Everyone using it would configure it with different parameters to suit their tastes. We would no longer have the massive, market-distorting wall of offers at a single point on the offer book.
mjr
full member
Activity: 194
Merit: 100
As an example of what I meant, here is a post that someone just sent me...

https://github.com/HFenter/MarginBot

https://bitcointalksearch.org/topic/ann-marginbot-a-bitfinex-margin-lending-management-bot-865250

Here is a bot for the swaps market that prioritizes keeping it active, it doesn't care the rate, it would just prefer that its funds are always in use. With no FRR, this would be the norm. The simple fact remains, that as long as people can get something, rather than nothing, they will probably take it. That being said, I really want to update the FRR, and hopefully it makes it more responsive.
mjr
full member
Activity: 194
Merit: 100
I believe the actual complaint was that if your email account is compromised from one device, that's pretty much game over - a sufficiently motivated attacker can have a password reset sent to that email address, and have a conversation with your support people to have the 2FA turned off. So the security of your Bitfinex account reduces to the security of your email account, with the OTP device serving mostly as a small additional roadblock to make the process slightly inconvenient, rather than a true additional 'factor'.

It is important to understand and remember that NONE of YOUR devices need to be compromised for your e-mail account to be compromised. There are numbers other attack vectors depending on which e-mail provider you have chosen. A dishonest employee, for example, could easily abuse or take over your e-mail account. This is why I insist that an e-mail account is just one factor regardless of how this factor is protected.

* Your e-mail account is ONE factor. ONE. Period.
Not correct, Gmail has 2FA if one wants to enable it.
I have it and recommend everyone to have it.

I stand by my statement. Your Gmail account is one factor which could be protected by two factors. A Google employee could take over your e-mail account regardless. Think of it this way: Your house is still just one house even if you put an extra lock on the front door.

I don't think we disagree that things SHOULD be more secure, but in order to do that, as you suggest, people should buy another phone that they use ONLY for 2fa. That is probably not going to happen in 99% of cases. Therefore, due to the unwillingness to implement a hardware solution, it becomes 1fa. Here is the issue:

1. We need to know you are the person with the rights to access the account.
2. You do this by providing something you have.
3. If you lose that something, you still have the rights to access your account.
4. In order to remedy that, we have to be able to bypass the original security that you set up, due to the loss of your password, phone, email, etc

I agree with this but I would like #4 to be a bit harder - but not so hard that it becomes impossible.


So, to be clear, if you maintain your security on your phone, and your email, you will never be able to be hacked. These issues affect people who have ALREADY been compromised. If we add gpg key as another method, what happens when you lose your gpg key? The simple fact remains, that google 2FA IS two factor authentication if you haven't lost one of the methods of authentication. We require the phone, which has the Google 2FA, and also the password, which you should be the only one to know.

Obviously, since this system REQUIRES you to talk to someone in support, if you say that you lost your phone and forgot your password...the human who is talking to you will probe much more deeply and watch much more carefully.

I agree that if I COULD just say "Hey, lost my phone and forgot my password, I sent you an email from the account used to open the account", and if this is all that is necessary, you could have a problem, but, you have to talk to someone in support, via email. They will respond to your request and await a response from you. I haven't seen the email spoofing successfully done, or reported here.

If you actually lose access to your phone, and you used an email which is on your phone, AND your phone isn't locked, the password can be guessed, or it doesn't use biometrics, THEN you have been pretty well compromised. For me, if I lost my phone, I would notice sometime within 24 hours. I usually touch my phone physically at least every hour, aside from sleep. Given that iPhones (and I believe Android?) can be remotely wiped, any access to the compromised phone should be able to be mitigated as soon as the loss is noticed. Since you cannot withdraw for a week, you should have more than enough time to work this out with support.

Long story, short, bitfinex uses a password authentication method, with optional 2FA, but we cannot guarantee your security in regards to YOUR phone, YOUR email address, and YOUR laptop. Basically, the complaint is, well, my phone and my laptop got hacked, how could they access my bitfinex account? I would say that if you were compromised in 2 other areas...your security procedures probably need some work.

Thank you for your long response.

Actually, no, my phone and desktop would not need to be compromised. My complaint is that someone who gains access to my e-mail account, with or without hacking any device (which, if you consider the various threat models, is not required to gain control over someone's e-mail), could p0wn me.

As for your other points: I completely agree that the security of my Bitfinex account and the devices used to access it is my personal responsibility. This is why I do not like that the security can be compromised by a factor out of my control.

And I do see and agree that the human factor at Bitfinex would make an attack difficult (but not impossible?). I have e-mailed both the support@ and that better address quite a few times over the years and the average response time seems to be 5-10 minutes and it's always smart people who reply (perhaps Bitfinex requires that customer support people do not watch television?) so I assume it would not be totally strait-forward to fool them. I am also guessing that this means I could have my account locked down pretty fast if need be.

I think that if someone wanted to REQUEST that we require more than simply emailing us and having a conversation, and place additional restrictions on their account, and agreeing to endure the higher inconvenience, that would be reasonable.

Now you are on the right track. You seem to have thought a bit about this, what would your suggestion be as to these "additional restrictions"? As I mentioned, a picture of me holding a note saying "disable 2FA" to get it disabled seems like a reasonable trade-off and I requirement I would personally like to have on _my_ Bitfinex account. It is hard to fake. This does not solve the "$5 wrench" problem but that one is a lot harder.

Oh, btw mjr, one last thing: Try leaving your phone at home when you go out to meet friends and loved ones. Consider making it a habit. I know many resist this idea but it can actually be a great thing - just like not having a television, not having facebook or a twitter account and so on. Many of these things that are supposed to make your life better .. just makes you stressed and continuously disrupt your harmony and give you bad karma.

I love Facebook, Twitter and Television, and I couldn't live without my phone...LOL, they do the exact opposite of stress me out, they calm me, and make my life better. They connect me to people, they allow me to find answers quickly, they educate me, make me more efficient. It is too easy to label things "good" or "bad", they are just things, and how you use them defines their goodness when compared to your goals.

In regards to the other point, IF you only needed to get the email, I don't think it would be 2FA, but since you need the email, but will find it very difficult to change the password AND disable the 2FA, they still are 2 factors, IMO.
full member
Activity: 145
Merit: 100
I do Stuff, and stuff.....

ok...

thats great  Grin
i just got few btc swap offer returned before 1 hour which mean i got more interest in effect    Cool
  

Note to self:  keep checking bitfinex every hours minute to maximize profit


Or use something like this to check bitfinex for you every 10 minutes to maximize profits:

https://bitcointalksearch.org/topic/ann-marginbot-a-bitfinex-margin-lending-management-bot-865250

 Grin
newbie
Activity: 48
Merit: 0
I believe the actual complaint was that if your email account is compromised from one device, that's pretty much game over - a sufficiently motivated attacker can have a password reset sent to that email address, and have a conversation with your support people to have the 2FA turned off. So the security of your Bitfinex account reduces to the security of your email account, with the OTP device serving mostly as a small additional roadblock to make the process slightly inconvenient, rather than a true additional 'factor'.

It is important to understand and remember that NONE of YOUR devices need to be compromised for your e-mail account to be compromised. There are numbers other attack vectors depending on which e-mail provider you have chosen. A dishonest employee, for example, could easily abuse or take over your e-mail account. This is why I insist that an e-mail account is just one factor regardless of how this factor is protected.

* Your e-mail account is ONE factor. ONE. Period.
Not correct, Gmail has 2FA if one wants to enable it.
I have it and recommend everyone to have it.

I stand by my statement. Your Gmail account is one factor which could be protected by two factors. A Google employee could take over your e-mail account regardless. Think of it this way: Your house is still just one house even if you put an extra lock on the front door.

I don't think we disagree that things SHOULD be more secure, but in order to do that, as you suggest, people should buy another phone that they use ONLY for 2fa. That is probably not going to happen in 99% of cases. Therefore, due to the unwillingness to implement a hardware solution, it becomes 1fa. Here is the issue:

1. We need to know you are the person with the rights to access the account.
2. You do this by providing something you have.
3. If you lose that something, you still have the rights to access your account.
4. In order to remedy that, we have to be able to bypass the original security that you set up, due to the loss of your password, phone, email, etc

I agree with this but I would like #4 to be a bit harder - but not so hard that it becomes impossible.


So, to be clear, if you maintain your security on your phone, and your email, you will never be able to be hacked. These issues affect people who have ALREADY been compromised. If we add gpg key as another method, what happens when you lose your gpg key? The simple fact remains, that google 2FA IS two factor authentication if you haven't lost one of the methods of authentication. We require the phone, which has the Google 2FA, and also the password, which you should be the only one to know.

Obviously, since this system REQUIRES you to talk to someone in support, if you say that you lost your phone and forgot your password...the human who is talking to you will probe much more deeply and watch much more carefully.

I agree that if I COULD just say "Hey, lost my phone and forgot my password, I sent you an email from the account used to open the account", and if this is all that is necessary, you could have a problem, but, you have to talk to someone in support, via email. They will respond to your request and await a response from you. I haven't seen the email spoofing successfully done, or reported here.

If you actually lose access to your phone, and you used an email which is on your phone, AND your phone isn't locked, the password can be guessed, or it doesn't use biometrics, THEN you have been pretty well compromised. For me, if I lost my phone, I would notice sometime within 24 hours. I usually touch my phone physically at least every hour, aside from sleep. Given that iPhones (and I believe Android?) can be remotely wiped, any access to the compromised phone should be able to be mitigated as soon as the loss is noticed. Since you cannot withdraw for a week, you should have more than enough time to work this out with support.

Long story, short, bitfinex uses a password authentication method, with optional 2FA, but we cannot guarantee your security in regards to YOUR phone, YOUR email address, and YOUR laptop. Basically, the complaint is, well, my phone and my laptop got hacked, how could they access my bitfinex account? I would say that if you were compromised in 2 other areas...your security procedures probably need some work.

Thank you for your long response.

Actually, no, my phone and desktop would not need to be compromised. My complaint is that someone who gains access to my e-mail account, with or without hacking any device (which, if you consider the various threat models, is not required to gain control over someone's e-mail), could p0wn me.

As for your other points: I completely agree that the security of my Bitfinex account and the devices used to access it is my personal responsibility. This is why I do not like that the security can be compromised by a factor out of my control.

And I do see and agree that the human factor at Bitfinex would make an attack difficult (but not impossible?). I have e-mailed both the support@ and that better address quite a few times over the years and the average response time seems to be 5-10 minutes and it's always smart people who reply (perhaps Bitfinex requires that customer support people do not watch television?) so I assume it would not be totally strait-forward to fool them. I am also guessing that this means I could have my account locked down pretty fast if need be.

I think that if someone wanted to REQUEST that we require more than simply emailing us and having a conversation, and place additional restrictions on their account, and agreeing to endure the higher inconvenience, that would be reasonable.

Now you are on the right track. You seem to have thought a bit about this, what would your suggestion be as to these "additional restrictions"? As I mentioned, a picture of me holding a note saying "disable 2FA" to get it disabled seems like a reasonable trade-off and I requirement I would personally like to have on _my_ Bitfinex account. It is hard to fake. This does not solve the "$5 wrench" problem but that one is a lot harder.

Oh, btw mjr, one last thing: Try leaving your phone at home when you go out to meet friends and loved ones. Consider making it a habit. I know many resist this idea but it can actually be a great thing - just like not having a television, not having facebook or a twitter account and so on. Many of these things that are supposed to make your life better .. just makes you stressed and continuously disrupt your harmony and give you bad karma.
full member
Activity: 136
Merit: 100
I totally agree with you. That is exactly what we are trying to accomplish. Right now, we are testing an exponential weighted average, so that the most recent active swaps will count a lot more towards the next FRR than the one from an hour ago. This should make it more sensitive, and allow it to wander more freely. Ideally, instead of a stairway, it should hopefully be more like a slope.

It is kind of a big change, and it is something that has pretty far reaching effects, which is why we are being cautious.

Faster-moving is promising, although I'm a little worried that would just accelerate the current progress of "slow grind down until the wall is exhausted, then launch up". I'm not seeing how it would allow the wall to move up in the face of demand unless swaps from above the wall are being taken for some reason.

Kinda have to cut the cord and stop setting the variable rate by reference to the fixed rates; the presence of the variable rate offers has too much influence on which fixed rate swaps are taken for that to be effective and not effectively self-referential.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
The best way to do it is to never reset the 2fa without an extremely long waiting period (30 days ~) because sometimes you get hacked when on vacation without internet.

Then you need to teach people, that they need to backup their masterkey for the autification. Most people don't do this, but most sites also don't tell you too.

I could lose my phone, my ipad and my computer and I'd still have access to my google authentificator codes somehow.
mjr
full member
Activity: 194
Merit: 100
Most people want something rather than nothing, and some posters even said, if the FRR wasn't there, I would just pick the lowest rate and do that. FRR is very similar to a market order, they don't request a specific return, and are basically willing to take whatever they get. I, personally, think that the FRR prob keeps rates higher, because they don't just go for the lowest possible.

I can see that being possible... my instinct would be that it would be far more volatile - higher when we're on a bull run, lower when we're not, and more prone to jump about all crazy-like.

You'd have a steady stream of auto-lenders taking random pot-shots at whatever's available from the swap requests (hopefully not all of them - some would just take anything above zero but surely at least some would wise up and start at least picking a rate to auto-renew at once a day... and some would probably just leave), and that regular slow-trickle dump would indeed weaken the incentive for traders to take offers when they can just wait for a lowball 'market' offer... which might actually make the 'requests' side of the book relevant (and thicker at sensible rates) rather than just a queue of hopefuls waiting for someone to dump almost-free funding on them.

But even while full-auto lenders chew through the swap requests, without that giant anchoring wall on the offer-side, it'd also be that much easier for a rush of traders in a hurry to chew through the offers up to ~0.7%, as we've seen when the wall goes down before. That's why I'm thinking it would erode both sides and leave the going rate more freely wandering. Might be overall higher or lower, who knows, but that might well be more representative of the true supply/demand.

I can see the value in the FRR as a place to put all the lazy money so it can be stored up safely rather than unleashed all at once onto an unprepared set of 'requests', but I do still wish the wall would move when people start taking it; respond to the apparent demand by moving rates up a li'l bit to test whether there's still demand at that higher rate, then move back down if there isn't. I'm just going to keep saying that until either you're sick of hearing it or you become convinced.

I totally agree with you. That is exactly what we are trying to accomplish. Right now, we are testing an exponential weighted average, so that the most recent active swaps will count a lot more towards the next FRR than the one from an hour ago. This should make it more sensitive, and allow it to wander more freely. Ideally, instead of a stairway, it should hopefully be more like a slope.

It is kind of a big change, and it is something that has pretty far reaching effects, which is why we are being cautious.
mjr
full member
Activity: 194
Merit: 100
...

* Your e-mail account is ONE factor. ONE. Period.
...
Not correct, Gmail has 2FA if one wants to enable it.
I have it and recommend everyone to have it.

Yes, I have my entire google account set up with 2FA.

But, to be fair, let's say you use a specific phone just for 2FA. So there is a truly separate second factor, they take your main phone which has your email. They can then probably send emails as you, and find out which email you used to open the account (assuming this is a targeted attack), so they might be able to disable 2FA, BUT, if they also said that they needed to reset the password, I think that this would not work, as it is highly suspicious to lose your phone and forget your password. So, I think it is two factor, since they can't access your bitfinex account with ONLY the 2FA disabled.
full member
Activity: 144
Merit: 100
...

* Your e-mail account is ONE factor. ONE. Period.
...
Not correct, Gmail has 2FA if one wants to enable it.
I have it and recommend everyone to have it.
full member
Activity: 136
Merit: 100
Most people want something rather than nothing, and some posters even said, if the FRR wasn't there, I would just pick the lowest rate and do that. FRR is very similar to a market order, they don't request a specific return, and are basically willing to take whatever they get. I, personally, think that the FRR prob keeps rates higher, because they don't just go for the lowest possible.

I can see that being possible... my instinct would be that it would be far more volatile - higher when we're on a bull run, lower when we're not, and more prone to jump about all crazy-like.

You'd have a steady stream of auto-lenders taking random pot-shots at whatever's available from the swap requests (hopefully not all of them - some would just take anything above zero but surely at least some would wise up and start at least picking a rate to auto-renew at once a day... and some would probably just leave), and that regular slow-trickle dump would indeed weaken the incentive for traders to take offers when they can just wait for a lowball 'market' offer... which might actually make the 'requests' side of the book relevant (and thicker at sensible rates) rather than just a queue of hopefuls waiting for someone to dump almost-free funding on them.

But even while full-auto lenders chew through the swap requests, without that giant anchoring wall on the offer-side, it'd also be that much easier for a rush of traders in a hurry to chew through the offers up to ~0.7%, as we've seen when the wall goes down before. That's why I'm thinking it would erode both sides and leave the going rate more freely wandering. Might be overall higher or lower, who knows, but that might well be more representative of the true supply/demand.

I can see the value in the FRR as a place to put all the lazy money so it can be stored up safely rather than unleashed all at once onto an unprepared set of 'requests', but I do still wish the wall would move when people start taking it; respond to the apparent demand by moving rates up a li'l bit to test whether there's still demand at that higher rate, then move back down if there isn't. I'm just going to keep saying that until either you're sick of hearing it or you become convinced.
mjr
full member
Activity: 194
Merit: 100
BTC swap rate is also terribly low even when the market was/is bearish.
Can we get a swap fee reduction from 15% to 10% maybe? Currently it's like 2.5% interest per year or less, hardly worth it.

This is what I don't understand, this is exactly how a market works. If it isn't worth it for enough people, then there will be no supply, and people will have to offer higher rates. Again, we don't want to set rates, and we are not trying to guarantee any sort of return, it is simply an option that people can, if the rates are agreeable to them, choose.

So that is why I am always baffled by all the discussion about FRR. Your unwillingness to offer a swap is a signal to the market that the rates are too low for you. If enough people feel the same, rates will have to rise, or there will be no swaps available. It appears, given that there is plenty of supply, that a lot of people require much lower rates than you, and what is hardly worth it to you, is worth it to them. This is what I was talking about in an earlier post, markets are always a race to the bottom, that is actually the discovery of the price.

True... I totally cant understand why anyone would lend bitcoins at such low rates. The risks of BFX having some sort of technical troubles might be low, but certainly not low enough for the potential rewards.

But:
The market cant really rise with that huge FRR wall. And I cannot lend BTC at FRR and then re-lend them out higher, so this severly limits price discovery.
Did you see this post, some criticism of it and a way to avoid these problems?



Yes, we have been discussing it a while, and are working on a change to the FRR calculation. I think it could work a lot better, but in general...if you want rates to rise, don't lend. Constricting supply would raise rates, but you would have to forego any return for the meantime. Most people want something rather than nothing, and some posters even said, if the FRR wasn't there, I would just pick the lowest rate and do that. FRR is very similar to a market order, they don't request a specific return, and are basically willing to take whatever they get. I, personally, think that the FRR prob keeps rates higher, because they don't just go for the lowest possible.
member
Activity: 63
Merit: 14
BTC swap rate is also terribly low even when the market was/is bearish.
Can we get a swap fee reduction from 15% to 10% maybe? Currently it's like 2.5% interest per year or less, hardly worth it.

This is what I don't understand, this is exactly how a market works. If it isn't worth it for enough people, then there will be no supply, and people will have to offer higher rates. Again, we don't want to set rates, and we are not trying to guarantee any sort of return, it is simply an option that people can, if the rates are agreeable to them, choose.

So that is why I am always baffled by all the discussion about FRR. Your unwillingness to offer a swap is a signal to the market that the rates are too low for you. If enough people feel the same, rates will have to rise, or there will be no swaps available. It appears, given that there is plenty of supply, that a lot of people require much lower rates than you, and what is hardly worth it to you, is worth it to them. This is what I was talking about in an earlier post, markets are always a race to the bottom, that is actually the discovery of the price.

True... I totally cant understand why anyone would lend bitcoins at such low rates. The risks of BFX having some sort of technical troubles might be low, but certainly not low enough for the potential rewards.

But:
The market cant really rise with that huge FRR wall. And I cannot lend BTC at FRR and then re-lend them out higher, so this severly limits price discovery.
Did you see this post, some criticism of it and a way to avoid these problems?

mjr
full member
Activity: 194
Merit: 100
BTC swap rate is also terribly low even when the market was/is bearish.
Can we get a swap fee reduction from 15% to 10% maybe? Currently it's like 2.5% interest per year or less, hardly worth it.

This is what I don't understand, this is exactly how a market works. If it isn't worth it for enough people, then there will be no supply, and people will have to offer higher rates. Again, we don't want to set rates, and we are not trying to guarantee any sort of return, it is simply an option that people can, if the rates are agreeable to them, choose.

So that is why I am always baffled by all the discussion about FRR. Your unwillingness to offer a swap is a signal to the market that the rates are too low for you. If enough people feel the same, rates will have to rise, or there will be no swaps available. It appears, given that there is plenty of supply, that a lot of people require much lower rates than you, and what is hardly worth it to you, is worth it to them. This is what I was talking about in an earlier post, markets are always a race to the bottom, that is actually the discovery of the price.
newbie
Activity: 33
Merit: 0
BTC swap rate is also terribly low even when the market was/is bearish.
Can we get a swap fee reduction from 15% to 10% maybe? Currently it's like 2.5% interest per year or less, hardly worth it.
legendary
Activity: 1199
Merit: 1047
It seems like USD loans aren't taken at FRR.
newbie
Activity: 7
Merit: 0
Dear Bitfinex

It's been an hour, but my BTC withdrawal still says, "Processing." Perhaps your hot wallet is empty?
I've sent an email to [email protected] containing transaction details. Would you please take a look?

Thanks.

--EDIT: This withdrawal processed within about an hour of my email to support. Many thanks--
full member
Activity: 136
Merit: 100
Long story, short, bitfinex uses a password authentication method, with optional 2FA, but we cannot guarantee your security in regards to YOUR phone, YOUR email address, and YOUR laptop. Basically, the complaint is, well, my phone and my laptop got hacked, how could they access my bitfinex account? I would say that if you were compromised in 2 other areas...your security procedures probably need some work.

I believe the actual complaint was that if your email account is compromised from one device, that's pretty much game over - a sufficiently motivated attacker can have a password reset sent to that email address, and have a conversation with your support people to have the 2FA turned off. So the security of your Bitfinex account reduces to the security of your email account, with the OTP device serving mostly as a small additional roadblock to make the process slightly inconvenient, rather than a true additional 'factor'.

Not that I can really complain... my phone isn't secure enough to really count as an extra factor regardless of your implementation of 2FA... it's just a harder single factor to compromise given I'd have to physically lose it rather than getting myself electronically/remotely pwned.
mjr
full member
Activity: 194
Merit: 100
This is an interesting post, and I am looking into it. However, one thing off the bat, I can't just create any email account and then email from it. You have to email FROM THE EMAIL USED TO OPEN THE ACCOUNT. So, as long as you were the original user to open the account, you should
A) Know what email was used.
B) Be the only one to have access to it.

Here is my problem with the current Bitfinex "security" system:

* Your e-mail account is ONE factor. ONE. Period.

If I get access to the e-mail account you used to sign up at BFX then I can:

* Reset your password.
* E-mail Bitfinex and have them disable your Google OTP.

The whole point of Google OTP is to provide TWO factor security for your account. What we have here is NOT two factor security, we have ONE factor factor security and that one factor is your e-mail account.

This means that your Bitfinex account is ONLY protected as well as your e-mail account is protected. If you, for example, signed up using a GMail account and use that with Bitfinex then everyone at Google can take control over your Bitfinex account.

Think about this: Why even bother ask for a password and OTP when you login at Bitfinex? Bitfinex could instead just ask you to enter your username and send you a login-link to your e-mail - then you click that link and you've got access to everything at Bitfinex. Does this sound secure? Well, regardless of what you think of that "security system" it is no less secure than the current system.

One little detail: You can not withdraw for 1 week after Bitfinex disables your OTP. This means that the adversary will need to look at your Facebook page and time the attack based on when you tell the world that you will be going on a two week jungle safari.

Of course, I am glad to look over the suggestions, and I think some of them might be useful as user requested additional settings. Security, from the user perspective, is a tradeoff between convenience and security. So, while making them fly to Hong Kong is super secure, it means that you could be locked out of your account for quite a long time. This is obviously just an extreme example. I, personally, hate when companies REQUIRE me to jump through hoops, and don't allow me to judge my personal preference for level of security. I think we struck a good balance, in that we allow you to lock your withdrawal address, offer automated withdrawals only if 2FA is enabled, and require 2FA for login. Obviously, this is heavily dependant on 2FA, and on a users own security measures. One thing I would highly recommend, again this isn't perfect security, but is have a passphrase on your phone, AND a separate one on your 2FA (in my case, you have to have my thumb to open Authy). Again, I stress that there is no perfect method that will make you unhackable, and if someone really wants it bad enough, there is always the $5 wrench. So, I think that doing a reasonable amount of preventative work, and getting into good security habits is effective for most accounts, while more extreme measures could be worthwhile for very large accounts, or for corporate accounts.

Really want to continue this conversation, so let me know your thoughts.

I agree that it is hard to make good trade-off's here. What I would like Bitfinex to solve better is that Google OTP should provide 2FA as in TWO FACTOR when it is used right. This means not using the device you use to login at Bitfinex for Google OTP (dedicated $50 android phone or a heavily passport protected normal phone, preferably one which you do not use to login at Bitfinex) and it also means not being able to remove Google OTP by the same means you can use to change the account password.

Bitfinex does not provide 2FA as long as you can use an e-mail account to easily both reset the password and remove OTP. That is NOT 2FA, that is 1FA. Period. And that is NOT secure. As I suggested: Write "Disable my 2FA, today is $DATE" on a piece of paper & take a photo holding that piece of paper and you now have something that is very hard to do for someone who is not you even if they have all the haxor skills in the world.

As for the $5 wrench.. yes, that is indeed a hard one to solve.

I don't think we disagree that things SHOULD be more secure, but in order to do that, as you suggest, people should buy another phone that they use ONLY for 2fa. That is probably not going to happen in 99% of cases. Therefore, due to the unwillingness to implement a hardware solution, it becomes 1fa. Here is the issue:

1. We need to know you are the person with the rights to access the account.
2. You do this by providing something you have.
3. If you lose that something, you still have the rights to access your account.
4. In order to remedy that, we have to be able to bypass the original security that you set up, due to the loss of your password, phone, email, etc

So, to be clear, if you maintain your security on your phone, and your email, you will never be able to be hacked. These issues affect people who have ALREADY been compromised. If we add gpg key as another method, what happens when you lose your gpg key? The simple fact remains, that google 2FA IS two factor authentication if you haven't lost one of the methods of authentication. We require the phone, which has the Google 2FA, and also the password, which you should be the only one to know. Obviously, since this system REQUIRES you to talk to someone in support, if you say that you lost your phone and forgot your password...the human who is talking to you will probe much more deeply and watch much more carefully. I agree that if I COULD just say "Hey, lost my phone and forgot my password, I sent you an email from the account used to open the account", and if this is all that is necessary, you could have a problem, but, you have to talk to someone in support, via email. They will respond to your request and await a response from you. I haven't seen the email spoofing successfully done, or reported here.

If you actually lose access to your phone, and you used an email which is on your phone, AND your phone isn't locked, the password can be guessed, or it doesn't use biometrics, THEN you have been pretty well compromised. For me, if I lost my phone, I would notice sometime within 24 hours. I usually touch my phone physically at least every hour, aside from sleep. Given that iPhones (and I believe Android?) can be remotely wiped, any access to the compromised phone should be able to be mitigated as soon as the loss is noticed. Since you cannot withdraw for a week, you should have more than enough time to work this out with support.

Long story, short, bitfinex uses a password authentication method, with optional 2FA, but we cannot guarantee your security in regards to YOUR phone, YOUR email address, and YOUR laptop. Basically, the complaint is, well, my phone and my laptop got hacked, how could they access my bitfinex account? I would say that if you were compromised in 2 other areas...your security procedures probably need some work.

I think that if someone wanted to REQUEST that we require more than simply emailing us and having a conversation, and place additional restrictions on their account, and agreeing to endure the higher inconvenience, that would be reasonable.

hero member
Activity: 756
Merit: 500
lending offers that are taken slightly below FRR will still result in FRR increasing.

Would help a bit, but we really need for offers taken at FRR to result in the FRR increasing.

Upon further thoughts, I think it is what it is; not much one can do to eradicate the problem.
Jump to: