"I just had my wallet siphoned off!" is a sentence that you may (probably even) have already read on a few social networks or discussion channels. A stranger, or someone you know, has just been the victim of a hack or scam. Naturally, you advise this person to invest in a hardware wallet as protection against phishing attempts. But then, why not apply the same degree of security to all your accounts?
The principle of two-factor authentication (2FA)
The idea behind it is simple. To access your account, you need to know your username and password. To guard against a weak password or a security breach in the service you are connecting to, more and more sites and applications allow you to add a second authentication factor (two-factor authentication, abbreviated 2FA) to your account. The security of your access is thus improved.
You, the savvy reader, won't need a long explanation of 2FA. So let's just remember that it's a matter of entering a random authentication code provided by a channel other than the one you use to connect. Since the code changes every 30 seconds, it is impossible for a third party to access your account even if they were able, through a security breach, to recover all of your identifiers.
The "strong authentication" put in place by all local banks to secure payments on the Internet is based on this principle.
But what many still do not know is that there are several methods and several degrees of security in 2FA protocols.
What are the main methods of 2FA?
The best known, because it is the oldest, is SMS verification. The principle is simple: a code is sent to you by SMS with each connection or payment attempt. This method is easy to set up, but it is subject to numerous security vulnerabilities (SIM swap). This justifies its gradual disappearance.
Then there is "in-app" verification, via a third-party application that generates the authentication code.
The best known applications are Google or Microsoft Authenticator. However, the most advisable is Authy if you wish to escape the eye of the GAFAM.
However, because your browser saves the authentication token once the user has entered the code (so that you do not have to re-authenticate on each new page visited), the two methods described above are susceptible to certain phishing attacks. Indeed, hackers can register a domain name close to that of the site you intended to visit, then send you on to the right site while capturing, via a proxy (the fake site on which you previously clicked), all your authentication information. An excellent paper on the subject is available on the site breakdev.org for the more English-speaking among you.
Finally, and this is the whole purpose of this article, there are physical "security keys", or authentication keys, which, like your favorite hardware wallet, require interaction with a "cold" device (not connected to the internet). Using this type of key protects you from the vulnerabilities mentioned above.
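The difference between these two families of second factor, as an added example that is not part of the original article: a 30-second code is accepted wherever it was typed, while a security key's response carries the origin the browser actually visited, which the real site checks. The domains, secrets, function names and the HMAC stand-in for the key's public-key signature are assumptions made for the illustration.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1): depends only on the shared secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def key_respond(device_key: bytes, challenge: str, browser_origin: str) -> dict:
    """Security-key response. The browser, not the user, supplies the origin.
    Simplification: HMAC stands in for the key's public-key signature."""
    client_data = json.dumps({"challenge": challenge, "origin": browser_origin})
    sig = hmac.new(device_key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": sig}

def verify_totp(secret: bytes, code: str, now: int) -> bool:
    return hmac.compare_digest(code, totp(secret, now))

def verify_key(device_key: bytes, resp: dict, challenge: str, site_origin: str) -> bool:
    expected = hmac.new(device_key, resp["client_data"].encode(), hashlib.sha256).hexdigest()
    data = json.loads(resp["client_data"])
    return (hmac.compare_digest(expected, resp["signature"])
            and data["challenge"] == challenge
            and data["origin"] == site_origin)  # the check a relayed login fails

# Constructed sample values, not taken from any real service.
SITE = "https://exchange.example"
LOOKALIKE = "https://exchange-login.example"
SECRET = b"12345678901234567890"      # RFC 6238 test secret
DEVICE_KEY = b"constructed-device-key"

def login_outcome(page_origin: str, now: int = 59) -> dict:
    """What the real site accepts when the user authenticated on page_origin
    and the values reach the real site (directly or forwarded unchanged)."""
    code = totp(SECRET, now)          # the user reads the code and types it on page_origin
    resp = key_respond(DEVICE_KEY, "nonce-1", page_origin)
    return {"totp": verify_totp(SECRET, code, now),
            "key": verify_key(DEVICE_KEY, resp, "nonce-1", SITE)}

if __name__ == "__main__":
    print("real site :", login_outcome(SITE))       # both factors accepted
    print("look-alike:", login_outcome(LOOKALIKE))  # code accepted, key rejected
```
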
Physical authentication is a security obligation
There are many authentication keys, and it is up to you to determine which one is best suited to your use, depending on whether you are looking for a key:
- In USB 2.0 or USB-C;
- With or without NFC;
- With or without biometric authentication;
- Compatible with your crypto exchanges or only other applications.
Let's say, for example, that you have set up a YubiKey to log in to your Binance, Kraken or Kucoin account:
1/ You go to the Binance authentication page and connect your key to your device;
2/ You fill in your username and password, as usual;
3/ You are asked to enter a PIN code that you have previously defined;
4/ Once the PIN has been validated, you will have to press physically on the key (or identify yourself via your fingerprint if it supports biometric control), and it is this action that will generate the authentication token that will allow you to connect.
That does indeed add one more security layer, and therefore makes access to your accounts more cumbersome. But anyone with a substantial sum on a crypto exchange, or who has saved important passwords in their password manager, will necessarily gain in security by adopting this new tool.
In order to avoid any unfortunate lockout from your accounts, it's a good idea to register multiple authentication keys for each of the services you use. You will have more peace of mind in the event of loss or theft of your first key.
Obviously, adding a physical security key does not eliminate the risk of a failure of the service or exchange that you use. I can therefore only strongly advise you to hold both a physical authentication key and a hardware wallet to best protect your crypto purchases.