Google 2FA Needed Way More Often


#1

As the O3 network grows, so does my portfolio, as well as my concern for asset safety.

On any other exchange, it is required to enter Google 2fa every time you sign in, and i don’t mind, it gives me peace of mind when it comes to my funds.

Please consider making this a requirement for entering the wallet, and/or logging into Switcheo.


#2

The nature of how the O3 wallet works makes it so that 2FA does not really add any extra security.
O3 is just a gateway to let you interact with the blockchain directly and is completely different from an exchange. It’s because your accounts on exchanges are connected to your email and/or phone number that you need this 2FA. In case someone enters your email or have access to your phone number they can log in to your account and take your funds.

With O3 and for example Switcheo this is different. The only thing that can get you access to your funds is your private key. There’s a very minimal chance that anyone gets your private key because the only place you would use it is when you switch to a new device. It’s not stored in your email, not connected to your phone number. Maybe you would use it one time a year at max if you buy a new phone? As long as it’s not exposed there is no way someone can get access to your funds. That’s the beauty of the decentralized experience for managing your funds we are providing, and that is why a decentralized exchange like Switcheo is thousands of times more secure than a centralized exchange.

I hope my explanation is clear enough, but feel free to ask more questions. Adding 2FA is really not going to add anything on the security side but instead just creates a less smooth user experience, hence we have not implemented it.


#3

When i connect to the Switcheo dApp within the O3 wallet, Switcheo asks for a wallet login, then asks if i want to login using the O3 wallet, O3 then asks for my pin, and bam, im logged in.

So it seems if someone had access to my phone, and could get inside, they could effectively use my funds from my NEO address.


#4

The thing is that for most Android phones and all iPhones there is a very strong security. The private key which you use to sign transactions and log in to Switcheo is stored in your phone with the best available encryption methods. If they were able to crack that they can also take all of your other data including your credit card details and personal details stored on there, which is just as unlikely.

I get your point, but at this adding 2FA is not going to have much use. That being said we’re also thinking about adding other features to the O3 ecosystem like some cold-storage wallet type, where you can move funds around smoothly between your ‘savings’ and your ‘daily use’ accounts, with increased security on your savings account.

We wont ignore your request though, I’ll discuss with the team whether it is something that we can add in the near term!


#5

On that note, if someone can access your phone, they would most likely have access to your 2FA as well, whether it’s through SMS or something like Google Authenticator.

We are always looking for ways to better enhance the security though. It’s certainly a top priority for our apps.