Develop a Nash app for the Ledger hardware wallets that encrypts the individual keys within each user's keyfile; the user is then required to decrypt each key using the Ledger-Nash app each time a transaction needs to be signed. Now, when the user's credentials and OTP are compromised, an attacker only has access to a keyfile full of encrypted keys and will have to buy a $5 wrench and be in the same physical location as the user and their hardware wallet to gain access to their funds.
The team has already stated that the hardware wallets currently available don’t support private key generation using the same methodology that Nash does, and although we’ve got support for OTP 2FA and @canesin has already indicated the team plan to support U2F using YubiKey or something similar here and here, I think there might be a middle-ground alternative.
Trezor has a password management solution that uses the hardware wallet to encrypt a keyfile that stores all your passwords; within that keyfile each password is individually encrypted, so for a user to access their password they must first use their Trezor to decrypt the keyfile and then a second time to decrypt the individual password they want to use.
I think it’s possible for Nash to apply a similar solution; if I understand correctly, Nash keeps an encrypted copy of each user's keys which is only decrypted in the user's browser when they interact with the exchange. Following the same pattern explained above, Nash could allow the user to use a hardware wallet to encrypt the individual keys within the keyfile. The user would then be required to use their hardware wallet to decrypt the necessary key each time a transaction requires signing; once signed, the decrypted key is then removed from memory. Assuming the user’s machine is compromised when they log in to Nash, an attacker would have access to a decrypted copy of the keyfile; however, if each key is individually encrypted using the user's hardware wallet, an attacker would only be able to access decrypted keys if the user attempts to sign a transaction.
Trezor doesn’t seem to be very open to collaborating with third parties; however, Ledger is quite open to having third parties develop apps for their wallets. I’m aware that Bitcoin support is the number one priority right now and agree that the team should be pushing for that goal as quickly as possible, but when the team does have some time I think it’s worth allocating some to developing a “Nash” app for the Nano S/X.
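
The per-key wrapping described in this post, sketched as an added example (not part of the original post, and not Nash or Ledger code). `SimulatedDevice` is a hypothetical software stand-in for a hardware wallet app, the sample keys are constructed, and HMAC-SHA256 stands in for transaction signing.

```javascript
// Added illustration; every name is hypothetical. SimulatedDevice is a software
// stand-in for a hardware wallet app, not a real Ledger or Nash API.
const nodeCrypto = require('node:crypto');

class SimulatedDevice {
  #seed = nodeCrypto.randomBytes(32); // never leaves the "device"
  confirmOnDevice = true;             // models the user approving on the device

  // One wrapping key per keyfile entry, derived from the seed and the label.
  #entryKey(label) {
    return nodeCrypto.createHmac('sha256', this.#seed).update('entry:' + label).digest();
  }
  wrap(label, secret) {
    const iv = nodeCrypto.randomBytes(12);
    const c = nodeCrypto.createCipheriv('aes-256-gcm', this.#entryKey(label), iv);
    c.setAAD(Buffer.from(label)); // bind the ciphertext to its label
    const ct = Buffer.concat([c.update(secret), c.final()]);
    return { iv, ct, tag: c.getAuthTag() };
  }
  unwrap(label, { iv, ct, tag }) {
    if (!this.confirmOnDevice) throw new Error('not confirmed on device');
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', this.#entryKey(label), iv);
    d.setAAD(Buffer.from(label));
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]); // throws if tampered or wrong device
  }
}

// Constructed sample secrets standing in for the keys in a user's keyfile.
const sampleKeys = () => ({
  btc: Buffer.from('constructed-sample-btc-key'),
  eth: Buffer.from('constructed-sample-eth-key'),
});

// What a compromised browser session sees: only wrapped entries.
function buildKeyfile(device, keys) {
  return Object.fromEntries(
    Object.entries(keys).map(([label, secret]) => [label, device.wrap(label, secret)]));
}

// Unwrap one entry for one signature, then zero the plaintext key (best effort in JS).
function signWithEntry(device, keyfile, label, message) {
  const key = device.unwrap(label, keyfile[label]);
  try {
    return nodeCrypto.createHmac('sha256', key).update(message).digest('hex'); // stand-in signature
  } finally {
    key.fill(0);
  }
}
```

The plaintext key still exists in browser memory for the duration of each signature, which is the exposure window the post describes.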