Would it be possible to add 2FA (Authenticator, Yubikey,...) to the Radix Wallet for logging-in and withdrawing?

Fab31t · 27 December 2021 23:18

Waiting for the Ledger App to get validated, would it be possible to add 2FA (Authenticator, Yubikey,…) to the Radix Wallet for logging-in and withdrawing? Thank you

Stuart · 28 December 2021 00:11

Two Factor authentication is most useful when you are interacting with a remote service - eg. Performing a login to a web server, approving a withdrawal from an exchange wallet. The idea is that even if someone knows your password (something you know), they still need an additional factor (something you have) in order to succeed.

For the Radix Desktop wallet, if someone has physical access to your pc, they can take a copy of your wallet.json file that contains an encrypted version of the seed that is used to generate all the private/public keys for your wallet. The cipher text is a static value that is encrypted using AES-256-GCM. The security of that encrypted value is wholly dependent on the strength of your password/passphrase (and the cryptographic resistance of the AES cipher to attack). There is no dynamic element to the encryption of this value.

In other words, a one time password (TOTP) or hardware device that generates a one time value is not applicable. The Radix Desktop Wallet does have a pin that you are required to enter to approve the transaction - but this is more of a “speedbump” to prevent your cat from accidentally emptying your wallet while walking across the keyboard while your desktop wallet is unlocked.

The thing that makes hardware wallets secure is that:

The device stores the private keys in a secure element in hardware on the device.
The device executes all of the signing operations on the device itself so that the private key never has to leave the device.

This is why you need to load an app onto the device to execute the signing algorithms and also why it goes through a comprehensive code review by LedgerHQ before it is “blessed” and made available on Ledger Live.

TLDR; Choose a strong password/passphrase for your Radix Desktop Wallet. Ensure the physical security of your PC.

PS: If you have a Ledger Nano S you can sideload the Ledger Radix App onto it now. Otherwise you’ll need to wait a bit longer for the Radix App to be approved so that it is available on Ledger Live.

PPS: To answer your specific question - It is extremely unlikely there will by 2FA for the current Olympia Wallet. It is also doubtful that is will be implemented in the next wallet either - but…

Fab31t · 31 December 2021 09:42

Thank you. All clear

PS: I would appreciate that LedgerHQ validate the Radix App ASAP