Why Local Apps and 2FA Aren’t Friends (Yet)
A look at the challenges and shortcomings of one of our most requested features.
At Exodus, we strive to provide a simple, secure method for storing and exchanging your crypto assets. Out of all the exciting feature requests we receive, one of the most frequent is the addition of 2-Factor Authentication, or 2FA. It makes sense, too. This is a well-known and popular security feature used by websites and web-based apps. While it may seem like a simple (and obvious) security addition, the reality is much less cut and dried when it comes to implementing 2FA in a local app like your Exodus wallet.
The Exodus Approach
To address the security concerns raised by customers requesting 2FA, we went a step further and implemented support for hardware wallets by partnering with Trezor. This maintains our ethos of putting you in direct control of your wealth and avoids making access to your funds depend on a third party’s approval. The security of Trezor combined with the design of Exodus makes advanced security easy and accessible to even the newest users.
Hardware wallets keep your 12-word recovery phrase and your private keys on the device: they are never disclosed to your computer, so malware on that computer cannot read them. They also require you to confirm each spend on the device itself, which means you must have the device on hand and can check the amount and destination on a screen that the computer cannot tamper with. In other words, all the sensitive data that gives you control over your funds is restricted to the device and never leaves it, which makes hardware wallets the most secure way to store large amounts of crypto. (The host computer is not rendered harmless, which is exactly why the on-device confirmation step matters.)
These devices provide the advantage of locally stored wallet data while ensuring that only the individual with both the PIN (and, optionally, a passphrase) and physical possession of the device can gain access.
2FA is present in many of the apps we use today and has become virtually standard for applications dealing with finance. Put simply, 2-Factor Authentication requires a second proof, on top of your password, before access to the account or device in question is granted. In many cases this is a code from a smartphone, delivered by SMS or generated by an authenticator app such as Authy or Google Authenticator, but it can also be anything from a digital ID card to biometric data like a fingerprint or iris scan. This extra verification step means an attacker needs both pieces of the authentication puzzle, which makes it much harder for anyone other than the account owner to access sensitive information.
The rapid adoption of the modern smartphone has proven instrumental in the spread of 2-Factor Authentication. When implementing 2FA, developers can now safely assume that the majority of users carry a capable computing device at all times which can serve as their authenticator. By utilizing a device that is already part of our everyday lives, 2FA can be deployed on a much wider scale.
However, there are serious limitations to the security actually achieved through phone-based 2FA. Codes sent over SMS are inherently weak, because an attacker who takes over your mobile account through SIM swapping or social engineering of your carrier receives them instead of you (we have seen several high-profile examples of this in the crypto space). Authenticator apps are a much safer alternative: the codes are computed on the phone from a secret shared once at enrollment plus the current time, so they never travel over the mobile network and cannot be intercepted by hijacking your phone number. The flip side is that anyone who obtains that secret (the QR code you scanned, or a backup of it) can generate valid codes on any device, which is why the secret must be guarded and why Authy, for instance, only lets you add a second device after approving it from one that is already enrolled.
So why don’t we integrate with these apps in Exodus?
Imagine for a moment you live in a high-rise apartment building, and your unit is kept secure by a lock for which only you possess a key. After a wild night celebrating your crypto gains, you find yourself locked out—with no key to be found.
In this scenario, the likely next step would be to contact the management of your building. Aside from profusely apologizing to the maintenance technician you just awoke, there is likely not much more you need to do than prove who you are and why you should be granted access to the locked unit.
The same concept applies to the online systems of banks as well as crypto exchanges that maintain custody of your funds. While 2FA methods are an effective deterrent for attackers, depending on the circumstances and what alternate proof of ownership you possess, it is usually possible to get the building manager to let you in the door.
The Gatekeeper’s Dilemma
With locally stored software such as Exodus, however, the story is a bit different. Since the wallet creates, encrypts and stores all information on your local system, any linked 2FA method would be required every time you open your wallet. If that 2FA method is your smartphone, access to your Exodus wallet depends entirely on your possession (and the proper functioning) of that phone. There is no building manager in this scenario. Without your 2FA device, you are standing outside a locked building for which only you possess (or did possess) the key. In other words, there is no way to access your funds.
While the above is an example of 2FA leading to an environment that is too secure, there is another side to the (bit)coin which allows even the most advanced of 2FA systems to be bypassed.
Leaving the Back Door Open
Software wallets that give you control of your private keys, such as Exodus, provide a 12- or 24-word phrase that encodes the seed from which all of your keys are derived. If you lose access to your install of Exodus for any reason, you can quickly restore it by entering your 12-word phrase. In fact, because this format for encoding the seed is standardized, you can even import your Exodus-created wallet straight into another supported wallet platform.
Based on the above, you may see where the glaring security hole lies. With access to your 12-word phrase, an attacker could simply restore your wallet into another install of Exodus or similar software and bypass any established 2FA method altogether. The power behind these 12 magical words is why it is incredibly important to guard them closely.
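The following added example (not Exodus code) shows in Python why the phrase alone is enough to rebuild a wallet anywhere. It assumes the phrase follows BIP39, the standard that makes importing into other wallets possible: the seed is PBKDF2-HMAC-SHA512 over the words, and the BIP32 master key is HMAC-SHA512 over that seed. Neither step takes any device-bound input. The mnemonic used is the first public BIP39 test vector, and the function names `restore_is_identical` and `passphrase_changes_wallet` are illustrative. Word-list and checksum validation of the phrase is omitted because it needs the 2048-word list.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Constructed input: the first public BIP39 test vector (a valid 12-word mnemonic).
# It is public knowledge and controls nothing; never use it for real funds.
EXAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                    "abandon abandon abandon abandon abandon about")
PBKDF2_ROUNDS = 2048


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, 64 bytes.
    Both inputs are NFKD-normalized. The result depends only on the words and the optional
    passphrase; any software that knows them derives exactly the same seed."""
    words = " ".join(mnemonic.split())          # collapse stray whitespace from user input
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(words), norm("mnemonic" + passphrase),
                               PBKDF2_ROUNDS, 64)


def master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512(key="Bitcoin seed", seed) -> (private key, chain code).
    Every address the wallet has ever used descends from this pair."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore_is_identical(mnemonic: str) -> bool:
    """Simulates the "restore into another install" path: two independent installs given
    the same words end up with byte-identical keys, and no 2FA check was consulted."""
    original_install = master_key(mnemonic_to_seed(mnemonic))
    attacker_install = master_key(mnemonic_to_seed(mnemonic))
    return original_install == attacker_install


def passphrase_changes_wallet(mnemonic: str, passphrase: str) -> bool:
    """The optional BIP39 passphrase is the only standardized input not contained in the
    words: the same 12 words plus a passphrase open a different wallet. It is something you
    know rather than a second device, and it is unrecoverable if forgotten."""
    return mnemonic_to_seed(mnemonic) != mnemonic_to_seed(mnemonic, passphrase)


if __name__ == "__main__":
    seed = mnemonic_to_seed(EXAMPLE_MNEMONIC)
    priv, chain = master_key(seed)
    print("seed:", seed.hex())
    print("master private key:", priv.hex())
    print("identical on restore:", restore_is_identical(EXAMPLE_MNEMONIC))
    print("passphrase yields a different wallet:",
          passphrase_changes_wallet(EXAMPLE_MNEMONIC, "correct horse battery staple"))
```

Run it and the second install prints the same master key as the first: the words are the wallet. The passphrase variant is the closest thing the standard offers to an extra factor, but it is a second secret rather than a second device, and losing it loses the funds just as surely as losing the words.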
What it All Means
To implement an effective 2FA system for Exodus, we would need to achieve the following: a reliable backup that does not require sharing user data with a third party, as well as a way to prevent malicious restoration using the 12-word phrase, all while ensuring that you keep full control of your funds. It is a difficult equation for which current technology has not yet given us an answer, which is why traditional 2FA is not in Exodus.
With all of that said, we are not done improving the security of Exodus and will continue exploring how to implement an advanced form of 2FA that does not rely on a third party and works with a local app like Exodus.
Please reserve the Medium comments section for lively and honest discussion about the article! If you have technical issues with Exodus, our Community Support team will be happy to speedily assist you if you send a descriptive email to: firstname.lastname@example.org