Not your 2FA, not your coin
There is nothing more certain in crypto than the next exploit waiting to happen.
Shocking headlines somehow feel bizarrely routine. At this point, the cost of doing business starts to feel more like an inevitable risk. There is a whole industry made out of post-mortem reports with its rotation of industry-specific jargon to explain what’s going on, code reviews for when exploits eventually occur. What happens when code is used as it’s written, but not as it’s intended?
“Differences between the kinds of two-factor authentication might be subtle, but are worth repeating. Security of the secret seed has to be based on the strongest technical guarantees to protect users and support transactions that are entirely shielded from prying eyes. I’m excited to witness the advancement of security best practices on distributed ledgers through tools like 2FA Guru.”
Tyler Perkins, CMO at Matter Labs
No protocol is 100% safe
Private keys can be stolen. Or compromised via a backdoor. Bridge hacks threaten the very ecosystem they support with the possibility of leaked keys. These scenarios have resulted in hundreds of millions of dollars being drained from the coffers of public blockchains and user funds.
If the idea of granting pre-approval for a smart contract to access any amount of your coin doesn’t ring alarm bells, perhaps the tale of a certain Jhon Doe will, who woke up one morning to discover half of his UNI tokens missing. Infinite approval meant that predators made quick work of transferring funds without him ever signing a transaction. Much of the problem is that users are complicit in approval without proper comprehension of the risks they’re exposed to, as previously encountered by Bancor and Multichain.
The strange, whirlwind experiment that is blockchain is also not immune to social engineering attacks, as some unfortunate NFT owners discovered after falling victim to a phishing scam and taking to Twitter to air their woes of having their NFTs stolen.
Rethink the status quo
In the above we have given real-world examples to show how either spectrum — either an over-reliance on code or human action — can lead to suboptimal outcomes. What’s an effective implementation that balances the two, and is simple to understand?
All sorts of applications today — from online banking to exchanges such as Kraken — recommend using 2FA for an added layer of account security. But it is no easy task to enable support for 2FA verification on public chains. Principle among these is the security of the secret seed that — for the 2FA to work as a digital security measure — has to be based on the strongest security guarantees.
“Users trust that their transactions are closed off from prying eyes, but this expectation, when shown to be false, has devastating consequences. 2FA Guru creates a new security standard by making it nigh-impossible for hackers to bypass or intercept the authentication factor. We’re committed to keeping security risks to a minimum by keeping up-to-date with the latest tools available.”
Daniel Wise, Head of Content at Polygon Studios
That’s exactly what we are doing with 2FA Guru.
The last line of defence
2FA Guru is EVM-compatible and integrates with dApps across the full spectrum of security assumptions, from storage of 2FA secret seeds, to calculating 2FA verification and generation of the 2FA signature proof.
Its fully secure and shielded design affords users precious peace of mind — attackers simply cannot squirrel away their assets even in the case of losing private keys, careless user authorization, or commonplace phishing scams. 2FA Guru fits seamlessly into users’ workflow by working together with tools and managers such as 1Password, LastPass, and more.
You’ve heard about 2FA. Now meet 2FA Guru, and join the likes of zkSync, Polygon Studios and Celer Network as its first users.
Automata Network is a decentralized service protocol that provides middleware-like traceless privacy services for dApps on Ethereum and Polkadot to achieve privacy, high assurance, and frictionless computation.