When it comes to the world of digital currency, and pretty much finance in general, user security is a key element. If you operate a service dealing with funds, or more specifically, other people’s funds, you have to make sure your system is secure.
There are a lot of ways to provide user security. Backend security is one thing, but you want something to confirm the user’s identity as well. A username and password is a decent start, but it is far from adequate.
Plenty of services, and in this case digital currency exchanges, have two-factor authentication enabled. Two-factor authentication is both easy and cheap (if not free) to implement, and it also protects your users’ funds.
The question arises then as to why certain digital currency platforms, in this case most exchanges specifically, do not make two-factor authentication mandatory. Sure, you can activate it once you are logged in, but by that time the damage could be done already.
Granted, there are ways to create a password that is incredibly difficult to brute force, thanks to tools such as LastPass. I use LastPass myself, and I absolutely love it. It is also available on each and every device I use, which makes it even better.
However, when I log in to online digital currency services, I do expect to have a field for a two-factor authentication code before being able to access my account. It just adds that extra level of security.
Speaking of two-factor authentication, a lot of services are using Google Authenticator. As this is a free piece of software, that is a great solution. However, maybe it is time to look at other alternatives as well.
This is not necessarily to replace the Google Authenticator system, as several two-factor authentication systems can peacefully co-exist. A while ago, I did an article on MePIN, a company offering two-factor authentication through multiple means. You can check out the article here.
So please, digital currency platforms, make two-factor authentication opt-out instead of opt-in. Take your users’ security more seriously, and they will reward you in the end. Your reputation is on the line too, in a way.
What do you guys think? Should two-factor authentication become mandatory when using digital currency platforms? Or do you prefer the system the way it is? Leave your feedback in the comments below!