Security question

(Cammofunk) #1

So I’m concerned that my computer might have a screen and or key capture virus on it (no sign of this just paranoia), what will prevent a hacker from taking my private key for my extension? since it was displayed at one point. Is there a mobile 2fa for the main-net? Also any other tips/thoughts?

0 Likes

(FCC) #2

We always recommend offline backup of keys (like on printed or written paper).

If you computer has been contaminated with screen or key capture it means a virus was able to alter the register and have a executable in your machine, there is no protection strong enough if you access any wallet - you should clean it urgently.

Usually Chromebooks, iPad and Windows 10S are easy to use and of better security profile.

0 Likes

(Cypher Investor) #3

Will it be possible to use U2F in some way to help address this kind of issue?

0 Likes

(FCC) #4

U2F solves phishing by binding the authentication to the SSL certificate of the domain. That doesn’t avoid that a local executable reads memory allocated from another process.

But yes, we do plan to support U2F in a future upgrade as WebAuth is being implemented in most browsers, MVP is using TOTP still.

1 Like

(Cypher Investor) #5

Awesome, thanks for the clarification and quick response!

0 Likes

(Cammofunk) #6

I know that you said ledger is not compatible with your code, however, can you use it as a U2F to login to the extension? And is there a prevention for what I mentioned? Also, if I have a fresh pc is it possible to generate a new private key? Would like to be safe.

1 Like

(Cammofunk) #7

So if i have a fresh pc can I get new keys for my kyc account somehow?
Need to know so i can order a fresh hard-drive for an old laptop i have collecting dust

0 Likes

(FCC) #9

You can generate a new wallet on that computer and transfer funds to it. I would do both the transfer and the new wallet generation on the clean machine (not access the wallet on a machine I suspect has been compromised).

0 Likes