Topic: This is why you enable 2FA. - page 2. (Read 2818 times)

Two Factor Authentication is there for security. This is what happens when you don't take advantage of the service they are providing in the expense of ease. This might've been a lesson for you, learned in a hard way. I always enable 2fa in almost every account I have if possible to prevent hacking potential.

as long as you have the secret backed up, using 2FA should never be a problem

there are a lot of ways to recover your funds. you can export your wallet or private keys in form of paper wallet to have them in case you lost your 2FA, password, ... and got locked out of your BC.I account (may be different in other wallets). so you can import them into another wallet core, electrum,... and use the coins.

also if you look around in all those services there is a reset 2FA or recover account option
example: https://blockchain.info/wallet/reset-two-factor


no argument there!


to be safe means looking around and enabling 2FA not ignoring it because you "think" you lose access if you lose your phone.

The sites offering 2FA also offer a secret key. Open your eyes, save that and your 2FA is safe even if you lose your phone.

Of course, you can do it your way, which is good until proven otherwise.

its why you also need 2FA in your google account,its important for every account,not just for wallet account. the only way to hack this security is by phising and lost the device,but its a small chance to happen.

I will never enable 2FA. What happens if for some reason I lost my phone, it is stolen, or I lost my number by any reason?! I can imagine it can bring you many troubles.

You just need to follow simple security rules to keep your accounts safe. It is not rocket science.

Better safe than sorry!

Personally I don't have 2FA enabled anywhere on my accounts because it's just a hassle for me and it slows down logging into websites. I am using a password manager like LastPass and have replaced all my passwords with very difficult to crack ones and I have been like this for almost 2 years now and haven't had any issues. But I don't leave my laptop unsupervised anyways so no one has physical access to it to alter things. But if someone tried all the data is password protected and encrypted within the password manager so let them try 

this is why you move your funds to a more secure wallet as in cold storage and only keep a very small amount in your hot wallet. keeping funds in an online wallet is exactly like keeping cash on your desk and have your desk accessible to millions of hackersrobbers by placing it in the middle of street!

good advice. I also use 2fa. even it a little bit makes a fuse for me, but it's usefull to protect my bitcoin. so I don't have to concern about the security of my bitcoin. it's save.

that's right, exactly, use it before you get hacked.

2fa is useless if your gmail account is being hacked

It is true that enable 2FA is the solution to prevent loss/hacking the funds we have diinternet, but sometimes has a way of hackers breaking into your 2FA can, so if you don't want to lose your funds, you should use wallet offline to menyimpana your investment funds or to keep some funds into your Wallet offline, so if later the unwanted things happened you still have a portion of those funds.

Obviously, first stop where you set-up 2FA is your GMail (or other mailbox) registered with all important services.
You are free to have your opinion, but making a point against having everything locked with an extra key, with assumption that all those extra keys are going to be kept "under the door mat" is... pointless.

I agree wholeheartedly. Finances aren't something that people should take lightly, and when it comes to online banking in this world, you have to realize people are out there to take all your money and all security measures need to be taken.

2FA should just be default on any sort of account that is used to access financial assets. It can be a pain in the ass, sure, but I'd much prefer it to be more prevalent.

This is why you don't let anyone touch your clean drive. If you are storing bitcoin without an air gap, you really should either use 2fa or only use that device for bitcoin.

If you are storing your Bitcoin anywhere with 2FA, you should have it enabled. No exceptions.

2FA makes it infinitely harder for anyone to access your account, and requires both your phone and the access point to be available, not just the access point. I have coinbase and a personal wallet, and I use 2FA for both.

I used my common password at Yobit.net and now i'm paranoid as hell that they are going to use it to hack my other accounts. I changed the password since, but am wondering if they still have access to the previous password. 

This. Don't share computers, run anti-spy ware often, and be very careful of social media, it's used to harvest personal info to give hackers access to your life (especially old school banks which still ask questions like "what was your first school").

no matter how much we have bitcoin,and no matter which wallet used by us,i think applying 2FA is important thing for secure our bitcoin,one that should make sure by us,dont lost your devices.

The trezor and coinbase keys are not stored at my house so I am quite okay, only my 'hot' QT wallet holds funds that I wish to access quickly. I could access my coinbase funds and with a wait of 48H move them to my bitcoin debit card if i was in need of urgent funds abroad or at home.

I was surprised as kaspersky is a very very good security application which when properly set up has stopped much. Actually it detected the virus with the latest update which makes me think this was some kind of zero-day exploit which even kaspersky would be limited at checking. I have set up the kaspersky safe money which i figured out how it works, it can help protect ageinst keylogging using a type of hypervisor  set up. I have used kaspersky since 2009 and this is the first attack i have had of it's kind on a machine with it installed.

2FA has a key limitation though that it does not protect against attacks at the wallet providers back-end, OR something like mt.gox. So keeping funds in different wallets, and keeping things in different physical undisclosed locations (such as my trezor and it's seed) and having only a small working amount accessible at any one time can limit  damage.

Keep 20 or so BTC in a single wallet id be worried unless its a trezor or similar. Just how i wouldn't keep 50k or more in a single account.(i wish i had that!)

And if you want a vanity address like my hot wallet, do not generate it online, but do it yourself... if you do not own or have some control of the private keys, its not yours. Thats why i liked the coinbase multisig vault to help diversify my BTC assets as they grow and trezors.

My friends machine happened to be clean on checking, the only place we could have got it from is our college network, which my lecturer actually has warned us to be very careful with as its not that secure...

He has his memory stick encrypted with a container and unencrypted space and has a traveller version of truecrypt on it which turned out to be the affected executable, it wasn't an 'autorun' virus as such and that is disabled on windows 10 by default for USB drives.

We have tracked down the problem and he was stunned so whatever it was had somehow infected that executable which kaspersky flagged up on an update, he has used my machine plenty of times with the same stick without issue in the past.

Moral of the story is, diverisfy your bitcoin/crypto assets, enable 2FA, and for more than 2 or so BTC, invest in a trezor and keep it's seed safe.

While they got past my  first layer of security (complex passwords of random numbers and letters and symbols) due to side channel attacking (keylogging)

They were stopped by the second layer (2FA) and all other measures, the moment i got the SMS from paypal saying i was trying to log in it raised the alarm and got me to change all passwords on a safe machine quickly.

It saved me hassle like no end, I set up 2FA on my other accounts because my mother is deceased and thus irreplaceable messages and content exists on there, although all text messages were backed up.

even my email has 2FA set, its set on everything possible to set it on

on paypal you can bypass the 2FA if you were phished and gave away your account security questions.

my PC does also have full disk encryption as do my telephones, I do take as many measures as I can with security, i have taken this a step further after this by making my main PC user account a 'limited' account without administrator privileges.


The virtual machine is a good idea, although for my bitcoin QT hot wallet im not too fussed as no more than £80 will ever sit in that wallet before i move it, unless I solo mine a block which will end up safely moved and diversified.


I posted this as i have ready many, many horror stories on this forum of people loosing large amounts of coins due to lack of 2FA or from live wallets such as bitcoin QT or lost from online wallets, or stolen from vanity addresses... Such simple measures can really help, a print out of a private key stored somewhere safe such as a safe deposit box could save your ass against forgotten wallet passphrases even...