Topic: Setup a totally offline 2FA? (Read 648 times)

newbie
Activity: 12
Merit: 0
December 13, 2013, 08:33:50 PM
#1
Is it possible to set up a totally offline 2FA using something like Google Authenticator or another "widely" used authentication method?

For example my bank has a "digipass": a physical device without any network connection (no LAN, no WiFi, no bluetooth, no nothing) that generates codes in response to challenges (bank account number to wire money to, transfer amount, etc.). Or some companies have physical RSA tokens for their employees which permanently generate authentication codes. PokerStars also offers such a fully offline 2FA device (obviously some players have a lot of money in their PokerStars account).

But in the Bitcoin ecosystem apparently we're stuck with 2FA which apparently requires a device which is always connected... I'm not saying it entirely defeats the purpose of 2FA but there have already been reports about people getting their bitcoin stolen despite having 2FA.

In a way all these "2FA apps" are really a poor-man's 2FA compared to these fully offline devices. I mean: there's a very real issue that the device offering the 2FA app gets itself remotely compromised (say your Mac is compromised and you use that same Mac to log in to your bitcoin exchange and to "sync" your smartphone... Smartphone which you use as a 2FA. I mean: I'm not the only one to think that it's only a matter of time before bad guys find a way to exploit this, right?!).

So... In the same way that it is possible to use an offline computer to generate a wallet that you can put in deep cold storage, is there a way to somehow set up a device (an Android device?) to use something like Google Authenticator but entirely offline?

I don't mind if the device is only used for 2FA... But I do mind if it has WiFi, bluetooth, or anything making it possible to be "online".