Additional security measure

Robin · May 5, 2019, 6:24pm

It would be nice if there would be an additional security measure (optional) for fund transfers. Imagine someone hacks my account and then wants to send all my NIM to his address… It would be nice if there would be an additional confirmation required (E-Mail or SMS) in order that this wouldn’t be possible to do.

Further, the user should be able to set a NIM amount limit for the activation of that additional security measure. For Instance:

Withdrawals <5000 NIM -> No EMail/SMS confirmation required
Withdrawals >5000 NIM -> EMail/SMS confirmation required

Stefan · May 5, 2019, 9:19pm

I like the concept. Adding such extra layer to make it harder if a bad person gets his hands on your private keys. Problem is that you have to rely on a service.

Of course this extra security layer can’t be part of the core library of Nimiq. But such a service can be build, and already exists for other coins, with multi signature wallets. Multi signature wallets do already exists in the Nimiq library.

A way you could approach it is:
You create a multi signature wallets that needs two signatures to sign a transaction. 3 keys get generated:

One being held by the service
One being held by the user and is easy accessible
One being held by the user but stored in a vault as back up

If you want to sign a transaction, you use the easy accessible key. Then the service sends you an email/sms to verify it’s you. If you successfully identify, the service will sign the transaction as well. This will reach the minimum of 2 signatures to make the transaction valid.

Robin · May 5, 2019, 9:41pm

Oh cool, almost forgot about the roadmap entry for multisignature accounts cool, I‘m really looking forward to it. Better have multiple security layers than just one

Gr1mB3an · May 6, 2019, 3:17am

I think 2FA is what you are looking for. An added layer of protection. It could be an opt in feature that a user can choose to enable.