Additional security measure

It would be nice if there were an additional (optional) security measure for fund transfers. Imagine someone hacks my account and then wants to send all my NIM to his address… It would be nice if an additional confirmation (E-Mail or SMS) were required so that this wouldn’t be possible to do.

Further, the user should be able to set a NIM amount limit for the activation of that additional security measure. For instance:

  1. Withdrawals <5000 NIM -> No EMail/SMS confirmation required
  2. Withdrawals >5000 NIM -> EMail/SMS confirmation required
3 Likes

I like the concept. Adding such an extra layer makes it harder if a bad person gets his hands on your private keys. The problem is that you have to rely on a service.

Of course this extra security layer can’t be part of the core library of Nimiq. But such a service can be built, and already exists for other coins, with multi-signature wallets. Multi-signature wallets already exist in the Nimiq library.

A way you could approach it is:
You create a multi-signature wallet that needs two signatures to sign a transaction. 3 keys get generated:

  • One being held by the service
  • One being held by the user and easily accessible
  • One being held by the user but stored in a vault as a backup

If you want to sign a transaction, you use the easily accessible key. Then the service sends you an email/SMS to verify it’s you. If you successfully identify, the service will sign the transaction as well. This will reach the minimum of 2 signatures to make the transaction valid.

5 Likes
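
The 2-of-3 scheme from the post above, combined with the amount limit from the first post, as an added example that is not part of the thread and does not use the Nimiq library's API. It assumes plain Node.js Ed25519 keys, independent signatures counted against a threshold, and a constructed transaction format and address.

```javascript
// Added illustration: plain Node.js Ed25519 keys, not the Nimiq library API.
const nodeCrypto = require('node:crypto');

const LIMIT_NIM = 5000; // threshold taken from the first post
const newKey = () => nodeCrypto.generateKeyPairSync('ed25519');

// The three keys of the 2-of-3 wallet described above.
const keys = { service: newKey(), daily: newKey(), vault: newKey() };
const walletPublicKeys = Object.values(keys).map(k => k.publicKey);

// Canonical bytes that every signer signs (constructed transaction format).
const encodeTx = tx => Buffer.from(JSON.stringify([tx.to, tx.amount, tx.nonce]));
const signTx = (tx, key) => nodeCrypto.sign(null, encodeTx(tx), key.privateKey);

// Network-side rule: valid only with signatures from 2 distinct wallet keys.
function isValid(tx, signatures) {
  const signers = new Set();
  for (const sig of signatures) {
    walletPublicKeys.forEach((pub, i) => {
      if (nodeCrypto.verify(null, encodeTx(tx), pub, sig)) signers.add(i);
    });
  }
  return signers.size >= 2;
}

// Service-side rule: co-sign only a transaction already signed by a user key,
// and above the limit only after the email/SMS confirmation succeeded.
function serviceCoSign(tx, userSig, confirmed) {
  const fromUser = [keys.daily, keys.vault].some(k =>
    nodeCrypto.verify(null, encodeTx(tx), k.publicKey, userSig));
  if (!fromUser) return null;
  if (tx.amount > LIMIT_NIM && !confirmed) return null;
  return signTx(tx, keys.service);
}

// Returns whether a transfer signed with the daily key ends up valid.
function attemptTransfer(amount, confirmed) {
  const tx = { to: 'NQ00 EXAMPLE', amount, nonce: 1 }; // constructed values
  const userSig = signTx(tx, keys.daily);
  const serviceSig = serviceCoSign(tx, userSig, confirmed);
  return isValid(tx, serviceSig ? [userSig, serviceSig] : [userSig]);
}

// Recovery path: daily + vault key reach 2 signatures without the service.
function recoverWithoutService(amount) {
  const tx = { to: 'NQ00 EXAMPLE', amount, nonce: 2 };
  return isValid(tx, [signTx(tx, keys.daily), signTx(tx, keys.vault)]);
}
```

The recovery path shows the trade-off in this design: the vault key lets the user move funds if the service disappears, and it also bypasses the confirmation step, so it only adds protection while it stays offline.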

Oh cool, almost forgot about the roadmap entry for multisignature accounts 🙂 Cool, I’m really looking forward to it. Better to have multiple security layers than just one.

I think 2FA is what you are looking for. An added layer of protection. It could be an opt-in feature that a user can choose to enable.

1 Like