12 characters are not enough to defend you, I think Jezus Christ and his posse proof that. But more on the serious note. I would really like to see the Counterparty wallet have 2FA from Google or Authy. It just adds another layer of security and to be honest this is what my customers are asking. I don’t really see a problem in adding 2FA to the counterparty wallet, because people who don’t want to activate it don’t have too.
With Coinprism you can do a crowdsale of your asset. But what puzzles me is that your crowdsale can only be done with bitcoin. So if I want to sell my asset for a fixed fiat price it’s impossible with Coinprism. I wonder if you can set a asking price in fiat and get paid in XCP, BTC?
2FA is a centralized service; Counterwallet is meant to be decentralized.
It was suggested that multi-sig is being implemented into Counterwallet in the future, though that was 12 months ago; I don’t know where that’s upto. This would act as a decentralized 2FA. You would then be able to set up 2-of-2 addresses to additionally secure your funds.
I think what might happen with the countewallet service is that it will kind of just stay the way it is for now and it is up to the community to create new wallets to use counterparty tokens with. You are already seeing things like IndieSquares mobile app and the Tokenly Pockets google extension. Eventually, someone will make a wallet service that does not use the 12 passphrase mechanism as this is not a requirement for counterparty wallets
But the GUI and passphrase on Counterwallet is good enough for a starter wallet, i would like to see some stability issues resolved though
How can a Counterwallet instance know which 2FA identity is tied to which wallet?
If I have your pass phrase, I absolutely don’t need 2FA to access your wallet. I can install CW on my notebook and access your wallet without any problem.
The probability of stumbling on 12 characters is orders of magnitude different from words. I thinking of a word, can you guess what it is? Just do the math of guessing one and multiple that 12 times over.
That’s certainly possible, but you’d have to ID yourself in some way (e.g. by leaving a phone number), and then whoever hosts that Counterwallet instance becomes a service provider and has a whole lot of added responsibilities.
Yes, but 2FA doesn’t help you.
Remember, I don’'t care to log on to your site with 2FA. I just need your pass phrase.
What you’re asking is for a whole different thing - that counterwallet.io manages your account and that in order to access it you ID yourself and use a 2FA authentication. You would not have access to your private keys or pass phrase in that case.
Some projects did provide that kind of service (e.g. Koinify had a system that used to manage GETGEMZ on users’ behalf using a similar approach) so it’s certainly doable, but that is not just 2FA to a wallet, it’s a whole different thing that means a ton of regulation.
If you want to be secure from key loggers and such, you can deposit your critical (significant) assets to a multisig address and sign transactions on 2 different h/w systems, and/or use Armory (cold wallet). I think these are the main 2 alternatives for people who need more security. Pocket change in one wallet, long term holdings in another.