Reddit Posts
Bitcoin security basics explainer (exchange, LN, HW, security)
Mentions
OFFTOP: Is anyone looking into a FIDO key like this anytime soon? Sadly, they don’t design custom or more decent ones unless I’m missing the point of primary use. This 2-step authentication process should be easier and more convenient IMO. Shop links are so much appreciated in advance.
tldr; A scammer attempted to hijack a Kraken crypto account by wearing a rubber mask of the victim during a video call with a support agent. The attempt failed as the mask was easily identified as fake, and the attacker couldn't provide accurate account details. Kraken's Chief Security Officer, Nick Percoco, highlighted the importance of security measures like two-factor authentication and using FIDO2 passkeys to protect against such scams. He also noted that some exchanges might not have the same security diligence as Kraken. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
tldr; Recent research by Thomas Roche from NinjaLab has identified a vulnerability, named EUCLEAK, in secure devices like electronic passports, Yubikey 5, and hardware wallets such as the Trezor V3. This vulnerability, present for over 14 years, allows attackers to extract private keys from devices using the Infineon SLE78 chip if they have physical access for five minutes and can use the device to generate signatures. The attack requires opening the device and advanced equipment worth about $10,000. The practical impact of this vulnerability varies, with hardware wallets and FIDO 2FA devices like Yubikey being notably affected. The vulnerability also raises concerns about the integrity of secure attestation protocols, potentially allowing attackers to simulate secure devices and undermine systems that rely on device authenticity. This poses a significant risk in scenarios like multi-sig federations and could enable the production of counterfeit devices that bypass authenticity checks. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
Companies have shown off cameras that have such good zoom they can take your fingerprint from 100m away. Biometrics are an easy-to-steal piece of data, and you can't change them. So they make poor secrets / passwords / logins. To make a secure key you need good quality entropy (randomness) to generate strong, unguessable keys. Biometrics are useful as a way to add a layer of security, as a roadbump to access strong keys. E.g. your thumbprint login on your phone or FIDO key.
That’s totally valid. It looks like the smart wallet supports passkeys based on the FIDO2 webauthn standard, so hardware security keys (eg yubikey) and cloud-synced password managers with passkey implementations are both supported. I was able to create a smart wallet with 1Password here: https://wallet.coinbase.com
Thanks! Not sure what FIDO/U2F keys are, but I set up 2FA and a passkey. Since you are in IT, would you be able to give insights on how they got into my email as well?
Yeah, you got phished. We deal with this literally all day, every day in my IT dept. Set up 2FA and you won't have to deal with this. If you REALLY want to be secure, use FIDO/U2F keys. Pretty much the ultimate secure solution.
From what I understand, FIDO2 should make you safe against phishing attacks. Kraken does support FIDO2, but only for sign-in (not for trade 2FA, for example). Google Auth and Yubikey OTP aren't protected against phishing attacks.
This is the best answer and I’m shocked there is only one comment talking about that. And yes, 2 different keys are a must; that way you have a backup if you lose one. You can buy Yubico Security Keys, which are half the price of Yubikeys and work in 99% of the cases. The exception was Kraken: they’re using OTP instead of FIDO for what they’re calling the master key, but for a few weeks now you can use multiple login keys, so no need for the master key anymore. And don’t forget to also secure your email account.
RETRO [GO], FIDO [GO], Guidance [GO], Control [GO], TELCOMM [GO], GNC [GO], BITCORN [GO]
I’ll give an example from years ago. I bought a stock, GNTX. I rode it through multiple splits and had a low basis. I hadn’t bought any for a couple of years and saw an extreme undervalue. Bought a large amount and sold that amount about 6 months later. I paid a higher tax rate on the sale of that 1000 shares, but I paid less taxes because my cost basis was $20 (LIFO) vs $2 (FIDO). Example… I sold at $30. $10 profit per share vs $28 profit per share. See the # difference?
I got a google FIDO key. It does bluetooth in limited circumstances and additionally I plugged in one of those magnetic cable connectors. Pretty convenient.