Two-factor authentication (2FA) is a proven online security measure, and the technology is now used as an additional transaction signing measure on the MultiversX blockchain protocol.
MultiversX CEO Beniamin Mincu unveiled the new protocol guardian service during a chat with Cointelegraph. The feature uses Google Authenticator, Authy, Duo, Microsoft Authenticator or biometrics to provide a second signature for transactions before they are processed on-chain.
Mincu describes the novelty of the approach, which allows users to use transactions and protected accounts to act as a secondary security mechanism:
“What the channel sees is a protected account, if the feature is enabled, and for this account it requires any outgoing transaction to have two signatures, one from the account owner and the second from the guardian, through a protected transaction. ”
The tutor service requires users to create a tutor address to provide 2FA controlled signatures. Part of the registration process sees the wallet prompting the user to complete the registration by issuing a transaction on the MultiversX network, which will set the address generated by the service as guardian for their account.
Once an account has become on-chain protected, user-initiated transactions require both user and guardian signatures. A valid guardian signature for the user’s transaction will be provided by the guardian service whenever a user with a protected account sends a transaction from their wallet and provides a valid 2FA code.
Related: The Danger With Google’s New Cloud Backup for 2FA Authenticator
Although 2FA does not take place strictly on-chain, transactions require the execution of authentication codes. Mincu added that the approach of 2FA protection built into the protocol has yet to be implemented by other protocols.
“Unlike existing solutions that provide additional protection for wallet accounts, Guardians do not require storing more private keys and do not add additional fragility to the backup scheme, which pose significant trade-offs and hurdles for the users.”
Many cryptocurrency wallets and exchange services use 2FA as an additional measure to confirm user logins and transactions at the application level. However, Mincu believes that the fundamentals of the MultiversX tutor approach are possible on other blockchain protocols:
“The concept of using a device-based authenticator to enable 2FA protection could certainly cause a paradigm shift within our industry.”
Mincu added that the additional security should not come at a cost to user experience and should aim to add minimal friction to signing transactions.
Two-factor authentication has been a fixture in the cryptocurrency space for years, with exchanges like Kraken making the additional security measure mandatory for its users in 2019 to secure login attempts.