Security question

So I’m concerned that my computer might have a screen and or key capture virus on it (no sign of this just paranoia), what will prevent a hacker from taking my private key for my extension? since it was displayed at one point. Is there a mobile 2fa for the main-net? Also any other tips/thoughts?

We always recommend offline backup of keys (like on printed or written paper).

If you computer has been contaminated with screen or key capture it means a virus was able to alter the register and have a executable in your machine, there is no protection strong enough if you access any wallet - you should clean it urgently.

Usually Chromebooks, iPad and Windows 10S are easy to use and of better security profile.

Will it be possible to use U2F in some way to help address this kind of issue?

U2F solves phishing by binding the authentication to the SSL certificate of the domain. That doesn’t avoid that a local executable reads memory allocated from another process.

But yes, we do plan to support U2F in a future upgrade as WebAuth is being implemented in most browsers, MVP is using TOTP still.

1 Like

Awesome, thanks for the clarification and quick response!

I know that you said ledger is not compatible with your code, however, can you use it as a U2F to login to the extension? And is there a prevention for what I mentioned? Also, if I have a fresh pc is it possible to generate a new private key? Would like to be safe.

So if i have a fresh pc can I get new keys for my kyc account somehow?
Need to know so i can order a fresh hard-drive for an old laptop i have collecting dust

You can generate a new wallet on that computer and transfer funds to it. I would do both the transfer and the new wallet generation on the clean machine (not access the wallet on a machine I suspect has been compromised).