Feathercoin daemon and wallet production version 0.16.3
Attention!!!! If you are running a Feathercoin version other than 0.16.3 upgrade imediately to 0.16.3 . It contains an important bug fix

2FA/Wallet Integration


  • | Tip null

    Bounty Details:

    To collect this bounty, we require an open source

    Bounty Address:

    BTC: ?

    FTC: ?
    UFO: ?
    PXC: ?

    ORB: ?

    Current Bounty:

    ? btc

    ? ftc

    ? ufo
    ? pxc
    ? orb

    Resources:


  • | Tip null

    please bare with me as I put these threads together…


  • | Tip lizhi

    What is 2FA/Wallet Integration ?

    If we upgrade wallet to 0.9.X bitcoin core, can impliment it ?


  • administrators | Tip MrWyrm

    The requirement for a second stage of authentication when moving funds rather than just a password. So you’d enter your password and then be required to enter a time code or similar from a device only you possess. The simple solution could be a printed grid, where you have to enter characters from row 13 col 12 or something more complicated like Google Authenticator, Authy or YubiKey


  • | Tip kris_davison

    Even just an email sent to the stored account so they would have to hack your email and your wallet?


  • administrators | Tip MrWyrm

    I wouldn’t consider that enough, if your system has been compromised you have to presume that e-mail too has been compromised. The purpose of 2FA is to verify that you are the person by proving that you have access to something physical that has been previously registered with you. If it’s a piece of hardware, then there’s the risk that people won’t enable 2FA if there is a cost involved. More people would have access to something like google authenticator or authy on their mobiles, but I still think a simple ‘paper’ solution might be a nice backup. I mean, what happens if you lose your phone and get locked out of your wallet. Double whammy of loss. So it’s clear that we need to be responsible in it’s implementation.


  • | Tip null

    Wouldn’t paper not work? Isn’t the idea that the code needs to be dynamic?

    Otherwise if it was paper then it’s just a simple code that could be brute forced in time? Would that give equal to or greater strength to say google auth?

    I once had a hardware dongle from my bank which actively changed… Is it possible that there’s an open source solution we could modify?


  • administrators | Tip MrWyrm

    grid3.png

    Last pass uses it as an option. You’d be asked for characters of say 7A, 9L and 1Y.

    Maybe just as a recovery option?


  • | Tip null

    Hey that’s cool…