Why Every Crypto Trader Must Use 2FA Wherever Possible

BidiPass
Jul 30, 2020

Anyone who has been in the cryptocurrency scene long enough has probably been the subject of a hack in some form or knows someone who has. While some of the more notorious hacks happened years ago (e.g. Mt. Gox), big breaches of centralized exchanges were still occurring as recently as February of 2020. That hack resulted in the closing of an Italian exchange called Altsbit.

The prime factor that resulted in the recent Twitter hack was “social engineering” of key employees at Twitter. What that means exactly is uncertain. Nevertheless, there are plenty of security measures to take to protect your accounts even when your password gets compromised. Let’s start with an understanding of one of the primary ways you can be manipulated into giving away private information.

Phishing

Phishing is a way for hackers to direct users to enter personal information at a spoofed website that matches the look and feel of the legitimate site. This information is then used to steal sensitive account information and can lead to multiple levels of theft.

Signs your exchange account has been phished

  • You spontaneously receive an email asking you to verify a login attempt. This means someone has access to your account username and password.
  • You may occasionally receive emails that have uncharacteristic language, or requests to change your password.

However, if you have 2FA enabled, even your stolen login information will be insufficient to reach your account and your funds.

2FA

Perhaps the best way to protect your exchange accounts is by using 2FA through a one-time password (OTP) authentication app. Among centralized exchanges, it is more or less an industry standard to have the option of 2FA via SMS or Google Authenticator.

The result is that even if a user's password were hacked, or a user were phished into unknowingly giving another individual access to an account, there would be an additional layer of constraint preventing full account access.

Unfortunately, the traditional methodologies for 2FA aren’t fool-proof.

While the concept itself provides a layer of security that is unprecedented for account access, the mechanism has various flaws that we believe can easily be remedied.

SMS 2FA Drawbacks

Imagine this: you wake up one morning to multiple emails, saying your passwords have been changed.

You slowly navigate to your Coinbase account and then notice all the BTC you’ve spent time accumulating has suddenly disappeared. In a haze of surprise, you call Coinbase support and they say you’ve been SIM swapped, where an individual took your SIM card and began controlling your phone number. This individual then used the control of your phone number to get past the 2FA of Coinbase to then send themselves your BTC, which is completely unrecoverable.

Unfortunately, many have told this story time and time again. With SIM swapping being more and more common, a solution to this crisis of account security is absolutely necessary.

The Solution

What if there was a solution in which not only would your security be heightened, but also you’d be paid for engaging in this heightened security practice?

The solution we offer is one in which this is exactly the reality.

To this day, the solutions that are used for 2FA outside of SMS, such as Google Authenticator and Duo push, are fairly banal ones and don’t involve any previous user experience.

Recognizing this, there is a clear indication as to why individuals wouldn’t partake in 2FA, or at the minimum, prefer app-based 2FA to SMS-based 2FA.

The result is a massive disparity between the supply of users interested in gaining an additional layer of security, and the actual demand of users who want to use these applications with horrible UXs.

No longer does a bulky UX have to prevent users from participating in a heightened layer of security. We are ushering in a new era of security: paying users for engaging in 2FA.
