two-factor authentication

Crypto losses reach $1.19B in H1 2024: CertiK calls for better security

The CertiK report shows that phishing attacks led to nearly $498 million in losses, emphasizing the urgent need for enhanced security measures like 2FA.

The latest CertiK Web3 Security Report reveals that $1.19 billion has been lost to onchain security incidents in the first half of 2024, prompting the need for improved security measures.

The report highlights that most of the losses were attributable to phishing attacks and private key compromises, with phishing attacks accounting for almost $498 million.

In a written Q&A with Cointelegraph, Ronghu Gu, co-founder of CertiK, articulated the need for multifactor authentication, such as two-factor authentication (2FA) and “security keys.” 


4 more virtual asset trading platforms licensed in Hong Kong

MultiversX launches on-chain two-factor authentication standard

Blockchain protocol MultiversX has implemented a novel two-factor authentication mechanism to add additional security to its network.

Two-factor authentication (2FA) is a tried and tested online security measure, and the technology is now being used as an additional transaction signing measure on MultiversX’s blockchain protocol.

MultiversX CEO Beniamin Mincu unpacked the protocol’s new guardian service in conversation with Cointelegraph. The feature makes use of Google Authenticator, Authy, Duo, Microsoft Authenticator or biometrics to provide a second signature for transactions before they are processed on-chain.

Mincu outlines the novelty of the approach, which allows users to make use of guarded transactions and accounts to act as a secondary security mechanism:

“What the chain sees is a guarded account, if it has the feature activated, and for that account, it requires that any outgoing transaction carry two signatures, one from the account owner and the second one from the guardian, through a guarded transaction.”

The guardian service requires users to create a guardian address to provide 2FA-controlled signatures. Part of the sign-up process sees the wallet prompt the user to finalize the registration by issuing a transaction to the MultiversX network, which will set the service-generated address as a guardian for their account.

After an account becomes guarded on-chain, transactions issued by the user require both the user’s and the guardian’s signatures. A valid guardian signature for the user transaction will be provided by the guardian service whenever a user that has a guarded account sends a transaction from their wallet and provides a valid 2FA code.
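The two-signature rule described above can be modelled in a few lines. This is an added example, not MultiversX code: `GuardianService` and `chain_accepts` are hypothetical names, HMAC-SHA256 stands in for the real digital signatures, and the one-step drift window and replay guard are assumptions. Only the TOTP function follows a published standard (RFC 6238).

```python
import hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the scheme authenticator apps implement."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def sign(key: bytes, tx: bytes) -> bytes:
    """Assumption: HMAC-SHA256 stands in for a real digital signature."""
    return hmac.new(key, tx, hashlib.sha256).digest()

class GuardianService:
    """Hypothetical co-signer: signs only when given a fresh, valid 2FA code."""
    def __init__(self, guardian_key: bytes, totp_secret: bytes):
        self.guardian_key, self.totp_secret = guardian_key, totp_secret
        self.last_step = -1                      # newest time step already used

    def cosign(self, tx: bytes, code: str, now: int):
        for step in (now // STEP, now // STEP - 1):  # tolerate one step of drift
            if step <= self.last_step:
                continue                         # a code is accepted once only
            expected = totp(self.totp_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return sign(self.guardian_key, tx)
        return None

def chain_accepts(tx, owner_sig, guardian_sig, owner_key, guardian_key, guarded):
    """Guarded accounts need both signatures; unguarded ones only the owner's."""
    if not hmac.compare_digest(sign(owner_key, tx), owner_sig):
        return False
    if not guarded:
        return True
    return guardian_sig is not None and hmac.compare_digest(
        sign(guardian_key, tx), guardian_sig)

def demo():
    # Constructed sample values, not real keys or transactions.
    owner_key, guardian_key = b"owner-key-sample", b"guardian-key-sample"
    secret, tx, now = b"12345678901234567890", b"send 10 to addr-sample", 59
    svc = GuardianService(guardian_key, secret)
    owner_sig = sign(owner_key, tx)              # all a holder of only the owner key has
    no_code = chain_accepts(tx, owner_sig, svc.cosign(tx, "000000", now),
                            owner_key, guardian_key, True)
    ok = chain_accepts(tx, owner_sig, svc.cosign(tx, totp(secret, now), now),
                       owner_key, guardian_key, True)
    replayed = svc.cosign(tx, totp(secret, now), now) is not None
    return no_code, ok, replayed

if __name__ == "__main__":
    print(demo())
```

In this model a valid owner signature alone is rejected on a guarded account, and a 2FA code that has already been used does not yield a second guardian signature.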

While 2FA does not strictly take place on-chain, transactions require authentication codes to be executed. Mincu added that the approach to 2FA protection embedded in the protocol is yet to be carried out by other protocols.

“As opposed to existing solutions that provide extra protection for wallet accounts, Guardians don’t require storing more private keys and don’t add additional fragility to the backup scheme, which are important tradeoffs and barriers for users.”

Many cryptocurrency wallets and exchange services tap into 2FA as an added measure to confirm logins and user transactions at an application level. However, Mincu believes the fundamental principles behind the MultiversX guardian approach are possible on other blockchain protocols:

“The concept of using a device-based authenticator to enable 2FA protection could certainly cause a paradigm shift within our industry.”

Mincu added that additional security should not come at a cost to user experience and should be aimed at adding minimal friction to transaction signing.

Two-factor authentication has been part and parcel of the cryptocurrency space for years, with exchanges like Kraken making the added security measure mandatory for their users in 2019 to secure login attempts.

How to protect your identity online

Strategies like using strong passwords, enabling 2FA, avoiding phishing, using VPNs, keeping software up-to-date and using reputable antivirus may help protect against online fraud.

In today’s digital age, protecting one’s identity online is more crucial than ever. The internet has facilitated communication and information sharing between people, but it has also facilitated identity theft and the theft of personal data by hackers. This article will go through some practical strategies for protecting your online identity.

Use strong passwords

The first step in securing one’s online identity is to use strong, one-of-a-kind passwords. A strong password should be at least eight characters long and include a variety of symbols, numbers, upper- and lower-case letters, and other characters.

Don’t use terms and phrases that are widely used and simple to guess, such as “password” or “123456.” Likewise, refrain from using the same password across multiple accounts. All of your other accounts could be compromised if hackers get access to your common password.

Enable two-factor authentication

By requiring a special code in addition to a password, two-factor authentication (2FA) gives an account an additional layer of security. This code is produced by an application or delivered over SMS or email, and is only valid for a brief time. Without the special code, a hacker won’t be able to access the account, even if they know the user’s password. Any account that holds sensitive data should employ 2FA, and there are several types of 2FA available, including hardware-based, app-based and SMS-based.

SMS-based 2FA sends a unique code to a user’s mobile device via text message. App-based 2FA requires the user to download an app that generates a unique code. Hardware-based 2FA uses a physical device, such as a USB key or smart card, to generate the unique code.

Avoid phishing scams

Cybercriminals frequently use phishing scams to acquire personal information and endanger users’ online identities. Users should be cautious of suspicious emails, confirm the sender’s identity, avoid clicking on links or downloading attachments, use anti-phishing software, and turn on multi-factor authentication to secure their online identities.

By implementing these safety measures and being wary of any unexpected emails that request personal information or contain strange attachments or links, users may stay safe online.

Use a virtual private network (VPN)

Using a virtual private network is an effective way to protect online identity. A VPN makes it more difficult for anyone to intercept or see a user’s online activities by encrypting their internet traffic and routing it through a distant server. A VPN is especially important when accessing public WiFi networks, which are susceptible to hacking and eavesdropping.

With a VPN, users can ensure that their online activity remains private and secure. Users should pick a trusted provider with a strict privacy policy and consistent performance among the various VPN services that are readily available. 

Keep your software up-to-date

Outdated software may have security flaws that hackers can use to access a user’s device or personal data without authorization. Security patches that fix known vulnerabilities and enhance overall security are frequently included in software upgrades.

Therefore, users should frequently check for and apply software updates for their operating systems, online browsers and mobile apps on all of their devices. Additionally, it’s critical to avoid running outdated or unsupported software, which may not be receiving security updates, and to only obtain software from reliable sources.

Use a reputable antivirus program

Using a reliable antivirus program is a crucial first step in online identity protection. Malware, spyware and other forms of dangerous software that can jeopardize a user’s online security can be found and eliminated by antivirus software. Additionally, it can offer real-time protection against new and developing risks and aid in the defense against phishing schemes and other types of cyberattacks.

Users should choose antivirus software from a reliable vendor and keep it updated with the newest virus definitions and security fixes. Additionally, it’s critical to routinely check devices for malware and unusual activity and to eliminate any risks that are found.
