2FA / MFA options
Yubikey (and the like) and OTP...
No SMS nonsense... why SMS is still used is beyond idiotic.
Please support YubiKey.
d: biometrics are inherently flawed and invasive. Sure they provide a (false) sense of security, but actual security is very limited and only to a point of being in an honest and just world (which we don't live in: government is just as much a threat as a regular criminal, not that there is much difference between the two anymore), but easier to coerce/extract "out of" someone.
Such tech is bypassable; several very simple hacks are easily found with a simple search.
With facial recognition, someone merely has to get your face in view of the camera in some fashion... even a good make-up artist (i.e. make a mask) can fool the system. Facial recognition even fails by use of high quality pictures and deep fakes; there are multiple articles and research studies done on this. I have even had the system fail to recognize me just because I grew facial hair, and fail again after retraining and shaving.
With fingerprint, someone merely has to knock you out, tie you up, cut off the finger, lift the fingerprint from something, etc.
In court? Very easy to force you to unlock the device under either method of faux "security".
Now, if you want to use such horribly flawed and invasive (do you really trust entities like Google, Apple, etc. to keep biometric data secure? Biometric data has been hacked and stolen in the past and you never know what their OSes/devices are sending in the background or who they are giving it to) tech, by all means, do so at your own risk. But be aware of the downsides and the reality of their (in)effectiveness.
Much better to stick with knowledge (PIN/password) + device based (i.e. YubiKey) + OTP security. Neither being useful without the other. Both destroyable/forgotten.
A "sense of security" is not the same as actual/real security. You can "feel" safe all you want, doesn't mean you actually are.
When this is implemented, please support multiple MFA devices at the same time. I like to use TOTP as the main option, and have FIDO U2F as a backup if I lose my app. Ledger supports acting as a FIDO device so it is backed up with your seed phrase. Don't go the lazy route and only support SMS for 2FA, it's outdated and insecure.
Nicholas: Correct. Forced SMS auth = switching from Koinly. 0 need to store your phone # here.
Optional 2FA that I can use on any app, fine.
This is now being actively worked on
Petur: Please make sure it's typical 2FA and not SMS. And needs to work on multiple apps like Authy, Bitwarden, etc.! Lastly OPTIONAL!!!!!!!
Merged in a post:
Trustless Login & 2FA
Being that we are talking about crypto and thus finances here, it makes little sense that trustless logins are not in use. Whether that be using ONT.ID, unstoppable domain login, or other crypto ID solution.
Despite only being readable access, the information that is contained on here alone is enough to do massive harm.
Also, we are talking finances here, even the amounts of transactions are sensitive. 2FA is essential. Yubikey is an excellent option.
Raja shing