509
2FA / MFA options
in progress
r
randomrabbit
Why is this taking so long; a feature request from 2021 still hasn't been completed and it's probably the single most important feature you could add. Literally right now if someone has your password or you have a data breach they could access ANY information about your wallets. This needs to get sorted; I will no longer use Koinly until it is fixed.
F
Fasdgs
randomrabbit: taking long because it is not as much security threat as you think.
C
Charles Round-Turner
randomrabbit: Agreed. 2FA should be standard in any online entity, especially in web3. Please fast-track this Koinly!
C
Charles Round-Turner
Hmm, disagree. Even though most stuff is on-chain & publicly visible, you still don't want just anyone snooping into your total crypto portfolio... You can still hide stuff from the public, without hiding it from the tax man.
C
Chad
Yubikey (and the like) and OTP...
No SMS nonsense... why SMS is still used is beyond idiotic.
V
Vladimir
please support yubikey
d
d
C
Chad
d: biometrics are inherently flawed and invasive. Sure they provide a (false) sense of security, but actual security is very limited and only to a point of being in an honest and just world (which we don't live in: government is just as much a threat as a regular criminal, not that there is much difference between the two anymore), but easier to coerce/extract "out of" someone.
Such tech is bipassable, several very simple hacks are easily found with a simple search.
With facial recognition, someone merely has to get your face in view of the camera in some fashion... even a good make-up artist (ie make a mask) can fool the system. Facial recognition even fails by use of high quality pictures and deep fakes, there are multiple articles and research studies done on this. I have even had the system fail to recognize me just because I grew facial hair, and fail again after retraining and shaving.
With fingerprint, someone merely has to knock you out, tie you up, cut off the finger, lift the fingerprint from something, etc.
In court? Very easy to force you to unlock the device under either method of faux "security".
Now, if you want to use such horribly flawed and invasive (do you really trust entities like Google, Apple, etc to keep biometric data secure? Biometric data has been hacked and stolen in past and you never know what their OSes/devices are sending in the background or who they are giving it to) tech, by all means, do so at your own risk. But be aware of the downsides and the reality of their (in)effectiveness.
Much better to stick with knowledge (pin/password) + device based (ie yubikey) + OTP security. Neither being useful without the other. Both destroyable/forgotten.
A "sense of security" is not the same as actual/real security. You can "feel" safe all you want, doesn't mean you actually are.
N
Nicholas
When this is implemented, please support multiple MFA devices at the same time. I like to use TOTP as the main option, and have fido U2F as a backup if I lose my app. Ledger supports acting as a Fido device so it is backed-up with your seed phrase. Don't go the lazy route and only support SMS for 2fa, it's outdated and insecure
F
Fasdgs
Nicholas: Correct. Forced SMS auth = switching from Koinly. 0 need to store your phone # here.
Optional 2fa that i can use on any app, fine.
P
Petur
P
Petur
in progress
This is now being actively worked on
F
Fasdgs
Petur: Please make sure its typical 2fa and not SMS. And needs to work on multiple apps like Authy bitwarden etc! Lastly OPTIONAL!!!!!!!
P
Petur
Arte
Merged in a post:
Trustless Login & 2FA
C
Chad
Being that we are talking about crypto and thus finances here. It makes little sense that trustless logins are not in use. Whether that be using ONT.ID, unstoppable domain login, or other crypto ID solution.
Despite only being readable access, the information that is contained on here alone is enough to do massive harm.
Also, we are talking finances here, even the amounts of transactions are sensitive. 2FA is essential. Yubikey is an excellent option.
R
Raja shing Raja shing
Raja shing
Load More
→