Universal 2nd Factor (U2F) Overview, FIDO Alliance:
“The FIDO U2F protocol enables relying parties to offer a strong cryptographic 2nd factor option for end user security. The relying party’s dependence on passwords is reduced. The password can even be simplified to a 4-digit PIN. End users carry a single U2F device which works with any relying party supporting the protocol. The user gets the convenience of a single ‘keychain’ device and convenient security. This document is an overview of the U2F protocol and is a recommended first-read before reading detailed protocol documents.”
That tiny USB device pictured above has an ARM microprocessor which fits in your computer, enabling strong cryptography in the Daedalus send feature.
Currently what happens in Daedalus when you want to send value out of your wallet is this:
With the DU2F you only have to touch it to validate sending, no passwords; that’s the point as your wallet would then be a 2-factor authentication enabled wallet.
If you lose your DU2F you would have to restore your wallet through your Daedalus recovery passphrase, thus wiping out the DU2F requirement.
Cost for an assembled DU2F should come in at $10.00 USD.
You can also build one yourself as all parts are widely available.
The project will be licensed under the “Creative Commons Attribution-ShareAlike 4.0 International License”.
Well, what do you all think, would you buy/build one?
Updates:
February 15, 2018
I did not make it clear but any U2F device should work, no pressure to buy another device.
Excellent idea. I would buy one for $20.
This “sending password” BS in wallets has to come to an end.
A pure HW or HW/SW hybrid wallet needs to be implemented.
Does Daedalus support this? I would buy or build one or two. If you bought 2 or 3 could they be set up as duplicates to keep in different locations like home and office and in case one is lost?
Can the device and/or software be confirmed to be safe and secure? Open source?
One suggestion that would be a big plus for me, if it is possible and adds another layer of protection… I have my YubiKey set up to access my password safe on my Windows machine in such a way that I have to enter the first part of the password from memory and then touch the YubiKey (long press), which fills in the second part of the password. This protects from the YubiKey being stolen and used to send funds without permission.
It will have that feature, plus it will measure and authenticate the identity of a client device and pair to it. Once paired, it cannot be undone without resetting back to defaults, wiping away all data.