Why Local Apps and 2FA Aren’t Friends- Yet.
A look at the challenges and shortcomings of one of our most requested features.
At Exodus, we strive to provide a simple, secure method for storing and exchanging your crypto assets. Out of all the exciting developments currently on our roadmap, perhaps the most highly requested is the addition of 2-Factor Authentication- or 2FA. While it may seem like a simple (and obvious) security addition, the reality is much less cut and dry.
2FA is present in many of the apps we use today, and has become virtually standard for applications dealing with finance. Put simply, 2-Factor Authentication requires information from an additional, linked device in order to allow access to the account or device in question. In many cases, this will be a smartphone using SMS or an Authentication app such as Authy or Google Authenticator- however it can be anything from a digital ID card to biometric data like a fingerprint or iris scan. This extra verification step means the user must have access to both pieces of the authentication puzzle- making it much harder for anyone other than the account owner to access sensitive information.
The rapid adoption of the modern smartphone has proven instrumental in the development of 2 Factor Authentication. When implementing 2FA, developers can now safely assume the majority of users will have a high powered computational device on them at all times which can serve as their authenticator. Traditional methods of digital 2FA require dedicated hardware, which is impractical for consumer use. By utilizing a device that is already part of our everyday lives, 2FA can be implemented on a much wider scale.
However, there are serious limitations to the security that is actually achieved through phone-based 2FA. 2FA codes sent over SMS are inherently insecure, due to the possibility of SIM cloning or Social Engineering to gain access to a mobile account (we’ve even seen a few high profile examples of this in the crypto space). Authentication apps have proven to be a much safer alternative, as they are not linked to a specific account or mobile network. Instead, they provide codes only on devices which have previously been linked to the application. Additional devices cannot be added without first gaining access using a previously linked device.
So why don’t we integrate with these apps in Exodus?
Imagine for a moment you live in a high-rise apartment building, and your unit is kept secure by a lock for which only you possess a key. After a wild night celebrating your crypto gains, you find yourself locked out- with no key to be found.
In this scenario, the likely next step would be to contact the management of your building. Aside from profusely apologizing to the maintenance technician you just awoke, there is likely not much more you need to do than prove who you are and why you should be granted access to the locked unit.
The same concept applies to the online systems of banks as well as crypto exchanges that maintain custody of your funds. While 2FA methods can act as an effective deterrent for attackers, depending on the circumstances and what alternate proof of ownership you posses, it’s more than likely possible to get the building manager to let you in the door.
The Gatekeeper’s Dilemma
With locally-stored software such as Exodus, however, the story is a bit different. Since the wallet creates, encrypts and stores all information on your local system, any linked 2FA method would be required to gain access to your wallet. If this 2FA method is your smartphone, access to your Exodus wallet is reliant entirely on your possession- and the function- of that phone. There is no building manager in this scenario. Without your 2FA device, you’re standing outside a locked building, for which only you possess (or did possess) the key.
While the above is an example of 2FA leading to an environment that is too secure, there is another side to the (bit)coin which allows even the most advanced of 2FA systems to be bypassed.
Leaving the Back Door Open
Software wallets that allow control of your private keys, such as Exodus, often provide a 12 or 24 word phrase that is a mnemonic representation of those keys. In the event you lose access to your install of Exodus for any reason, you can quickly restore it by inputting your 12 word phrase. In fact- due to the standardization of this format for transmitting private key information- you can even import your Exodus-created wallet right into another supported wallet platform.
Based on the above, you may see where the glaring security hole lies. With access to your 12 word phrase, an attacker could simply restore your wallet into another install of Exodus or similar software, and bypass any established 2FA method all together. The power behind these 12 magical words are why it’s incredibly important to guard them closely.
What it All Means
To implement an effective 2FA system for Exodus, we would need to achieve the following: a reliable backup that doesn’t require sharing user data, as well as a way to prevent malicious restoration using the 12 word phrase- all while ensuring that you maintain full control of your funds. It’s a difficult equation for which current technology hasn’t yet given us an answer- which is why 2FA isn’t in Exodus. This hasn’t stopped us from continuing to research new, emerging security technologies and alternate methods to help you closely guard your funds.
These reasons- as well as some of the other vulnerabilities associated with software wallets- are precisely why we do not recommend storing large amounts in Exodus. A Hardware Wallet- such as a Ledger, Trezor or KeepKey, acts as a physical, offline 2FA device- with the added advantage of having sensitive data restricted to the device itself. These devices provide the custodial advantage of locally-stored wallet data, while ensuring only the individual with both the password and physical possession of the device can gain access.
So, while 2FA remains on our roadmap- we need to be sure we implement it in a way that keeps the wrong people out and lets the right people in. Current 2FA technology hasn’t quite gotten us to that point yet- but there’s no doubt that it will at some point in the future.
Please reserve the Medium comments section for lively and honest discussion about the article! If you have technical issues with Exodus, our Community Support team will be happy to speedily assist you if you send a descriptive email to: email@example.com