Sure Voltaire.
You have a fundamental misunderstanding of how blockchain works and what its value is, but Iâm not going to bother to explain everything because it looks like your mind is already made up so itâs just a waste of time. I will address one very simple point though in case other people think 2FA would somehow make any kind of difference:
No, itâs not. 2FA achieves absolutely nothing in this situation other than extra work for the user. It does not impede the attacker in any way.
Itâs not possible to sign a transaction without using the associated private key. It doesnât matter what kind of 2FA woo you try and apply here, it makes no difference. You cannot sign a transaction on a compromised computer without exposing your private keys to whoever compromised it. So 2FA cannot protect you when sending a transaction.
The private key can be encrypted to protect against attackers simply copying it from your filesystem (which Daedalus already does) but this encryption cannot be linked at the cryptographic level to 2FA. So 2FA cannot protect your wallet data.
If your system is compromised before you even create your wallet, then the attackers have everything anyway and they just wait for you to send coins to âyourâ wallet. 2FA obviously doesnât help there either.
4 Likes
Iâm not referring to signing. Conceptually in order to get into the wallet a log in is required. From there 2FA is required much the same as on Binance. Once you have access to the wallet you can transact. However to spend you still need your password. Get it? Restoring the sMe wallet cannot be done without the 2FA. You probably think things should remain as they are. I get it. A few years back, people said bitcoin wasnât possible. The same was said for the mars rover, quantum computers, laptops, and mobile phones.
In the same way 2FA would protect a user from an unauthorized spend couldnât it? If a wallet was not password protected, left open, or if the password was known, the bad actor would not be able to spend without doing additional work to get the 2FA from the device to which it was sent.
And to go one step further, I am certain it is mathematically possible to create an algorithm that considers the 2FA value coupled to the private key which would allow signing to the block. It just hasnât been done yet.
But if someone got your seed phrase the 2FA would do nothing to protect your coinsâŚ
It is only extra protection on a working device.
OK so one more time. Create an additional layer of protection within the wallet whereby the 2FA provides a value which is recognized that allows for restoring of a wallet. Without the 2FA, a restore could not be completed. There are several ways in which 2FA can be used to provide an additional layer of protection. Even adding a 3rd âsecurityâ layerâŚa Cardano Security Layer, in addition to the computational and settlement layers.
We have lots of options.this type of layer would mean that even if the person had a seed, they could not restore. Upon attempting to restore, the true owner could act to send funds out of the compromised wallet. 2FA isnât perfect, I get itâŚbut neither is relying on a mathematically large number as the only safeguard to stop someone from stealing funds.
I admire your patience, Sean. I would have given up long time ago 
2 Likes
Not that newâŚ
If this was a prevalent issue, it would have gained more attention than a half page article on some spam riddled blog.
Are we still discussing about 2FA??? 2FA does not make any difference and does not add any security on a poisoned machine! if you donât understand this concept you deserve to get ripped off! go back and buy gold bars!
1 Like
LOL Hope this is not official Cardano stand, because good luck selling your
product to general public if that is going to be an excuse .
1 Like
If you lose your car in a car crash, do you lose interest in driving?
Hereâs my analogy
2FA achieves absolutely nothing in this situation other than extra work for the user. It does not impede the attacker in any way.
Itâs not possible to sign a transaction without using the associated private key. It doesnât matter what kind of 2FA woo you try and apply here, it makes no difference. You cannot sign a transaction on a compromised computer without exposing your private keys to whoever compromised it. So 2FA cannot protect you when sending a transaction.
The private key can be encrypted to protect against attackers simply copying it from your filesystem (which Daedalus already does) but this encryption cannot be linked at the cryptographic level to 2FA. So 2FA cannot protect your wallet data.
If your system is compromised before you even create your wallet, then the attackers have everything anyway and they just wait for you to send coins to âyourâ wallet. 2FA obviously doesnât help there either.
This is not a stand, itâs a factâŚfacts are either true or falseâŚit makes no difference where you stand.
3 Likes
@atcalypso
Can you explain who are the sellers here, whatâs the product and who owns the product? Please elaborate on the âexcuseâ as well, excuse for what? Also please share your conception of what makes a stand or statement official? and finally what is the âstandâ you are referring to here?
I think this is likely to become more of an issue when the less savvy and sophisticated general population adopts.
Iâm not here to sell Cardano to the public. Iâm here as Cardano stakeholder, and i want to believe that the trust (and the money) i put into this project would be used to develop something more than a 2FA mechanism which does not bring any security in this specific use case.
About the general public i try to explain with this analogy:
When you withdraw your cash from any ATM, will you secure the banknotes in a wallet or you leave them in a place where everybody can steal it? Let me ask you thisâŚWhen a robber steal money form an old woman, who just withdraw, do you complain with the bank because it not secure to place the ATM machine in the street?
The same concept apply to an ADA wallet (actually to any computer)âŚwhen you will understand how to protect your digital property you will realize that is already secure enough!
She cannot be robbed from a person a thousand miles away while she is asleep. The perpetrator has to physically be there. They then risk being confronted by other people. In some cases robbing someone in person vacancy be life threatening. Thatâs hardly the case online. Thatâs why you see so many keyboard warriors, right?
One thing crypto does offer is that you can carry a large amount of money and carry a second wallet with less funds. However you can do the same with an atm card so the compelling reason is lost isnât it?
I think more than one person already explain you why there is no need to add new complicated security optionsâŚif you donât understand it is your problemâŚno need to discuss further.
If there is no need for additional levels of security, then there is no need for further development of provably secure processes. BTC has that handled. No need for other cryptos Cardano has that handled. Everyone should stop. No need for hashgraph, no need for XRP. No need for any other coin. Laughable. Security always develops further because adversaries always develop new attack vectors and because technology advances. So once quantum resistance is built in, stop development? You donât think the threat will develop. Youâre naive at best.
2FA relies on a shared secret. By design this can only work in a centralized environment like an exchange or an online wallet, not on the blockchain.
But a multi sig would be possible and kind of the blockchain equivalent of 2FA. Multi sig means for example: you need 2 private keys to access the funds.
There are also more advanced and configurable multi sig solutions like: there are 3 private keys and 2 of them are sufficent to access the funds. As far as I know Cardano will have such advanced multi sig solutions.
10 Likes
Yeah itâs on the way.
1 Like