Does Exodus support 2FA?
Exodus supports additional protection of your funds with a hardware wallet. This allows you to retain full control over your funds without relying on third-party approval.
At Exodus, we strive to provide a simple, secure way to store your crypto assets and use our in-app exchange feature. Of all the feature requests we receive, one of the most frequent is the addition of two-factor authentication, or 2FA. It makes sense too. This is a well-known and popular security feature used by websites and web-based apps. While it may seem like a simple (and obvious) security addition, it is not feasible to implement traditional 2FA in non-custodial wallets like Exodus.
This article focuses on traditional 2FA, why it doesn't work with local apps like Exodus, and our approach to solving this.
In this article:
- The Exodus approach
- Two-factor authentication
- Why doesn't Exodus integrate with authentication apps?
- The gatekeeper's dilemma
- Leaving the back door open
- What it all means
The Exodus approach
To address the security concerns raised by customers requesting 2FA, we went a step further and implemented support for hardware wallets by partnering with Trezor. This maintains our ethos of putting you in direct control of your wealth and avoids being subject to third-party approval to access your funds. The security of Trezor, combined with the design of Exodus, makes advanced security easy and accessible to even the newest users.
Hardware wallets are immune to malware and viruses. They do not disclose your 12-word secret recovery phrase or your private keys to your computer. They require you to have the device on hand and to confirm the spending of your funds on the device itself. In other words, all the sensitive data that gives you control over your funds is restricted to the device itself and never leaves it, which makes hardware wallets the most secure way to store large amounts of crypto.
These devices provide the advantage of locally-stored wallet data while ensuring only the individual with both the PIN (sometimes, an extra password) and physical possession of the device can gain access.
Two-factor authentication
2FA is present in many of the apps we use today and has become virtually standard for applications dealing with finance. Put simply, 2FA requires information from an additional linked device in order to allow access to the account or device in question. In many cases, this will be a smartphone using SMS or an authentication app such as Authy or Google Authenticator, but it can be anything from a digital ID card to biometric data like a fingerprint or iris scan. This extra verification step means the user must have access to both pieces of the authentication puzzle, making it much harder for anyone other than the account owner to access sensitive information.
The rapid adoption of the modern smartphone has proven instrumental in the development of two-factor authentication. When implementing 2FA, developers can now safely assume the majority of users will have a high-powered computational device on them at all times which can serve as their authenticator. By utilizing a device that is already part of our everyday lives, 2FA can be implemented on a much wider scale.
However, there are serious limitations to the security that is actually achieved through phone-based 2FA. 2FA codes sent over SMS are inherently insecure, due to the possibility of SIM cloning or social engineering to gain access to a mobile account (we've even seen a few high-profile examples of this in the crypto space). Authentication apps have proven to be a much safer alternative, as they are not linked to a specific account or mobile network. Instead, they provide codes only on devices that have previously been linked to the application. Additional devices cannot be added without first gaining access using a previously linked device.
Why doesn't Exodus integrate with authentication apps?
Imagine for a moment you live in a high-rise apartment building, and your unit is kept secure by a lock for which only you possess a key. After a wild night celebrating your crypto gains, you find yourself locked out with no key to be found.
In this scenario, the likely next step would be to contact the management of your building. Aside from profusely apologizing to the maintenance technician you just awoke, there is likely not much more you need to do than prove who you are and why you should be granted access to the locked unit.
The same concept applies to the online systems of banks as well as crypto exchanges that maintain custody of your funds. While traditional 2FA methods can act as an effective deterrent for attackers, depending on the circumstances and what alternate proof of ownership you possess, it's more than likely possible to get the building manager (or the bank and exchange) to let you in the door. With Exodus, however, there is no building manager to let you in. No one at the company has access to your login credentials, nor can we reset anything on your behalf. You are in full control of your funds.
The gatekeeper's dilemma
Since your Exodus wallet creates, encrypts, and stores all information on your local system, any linked 2FA method would be required to gain access to your wallet. If this 2FA method is your smartphone, access to your Exodus wallet is reliant entirely on your possession and the function of that phone. There is no building manager in this scenario. Without your 2FA device, you're standing outside a locked building, for which only you possess (or did possess) the key. In other words, there is no way to access your funds.
While the above is an example of 2FA leading to an environment that is too secure, there is another side to the story which allows even the most advanced of 2FA systems to be bypassed.
Leaving the back door open
Software wallets that allow control of your private keys, such as Exodus, often provide a secret phrase that is a mnemonic representation of those keys. In the event you lose access to your install of Exodus for any reason, you can quickly restore it by inputting your secret phrase. In fact, due to the standardization of this format for transmitting private key information, you can even import your Exodus-created wallet right into another supported wallet platform.
Based on the above, you may see where the glaring security hole lies. With access to your secret phrase, an attacker could simply restore your wallet into another install of Exodus or similar software, and bypass any established 2FA method altogether. The power behind these 12 or 24 magical words is why it's incredibly important to guard them closely.
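The point above, as an added example that is not Exodus code: under BIP39 (assumed here to be the standardized phrase format the section refers to), the wallet seed is a function of the phrase alone, so a TOTP check enforced by one install has no bearing on a second install restored from the same phrase. `GatedInstall` is a hypothetical model, and the phrase is the public BIP39 test-vector phrase used as sample input.

```python
import hashlib
import hmac
import struct
import unicodedata

# Public BIP39 test-vector phrase, used here as sample input. Never fund it.
SAMPLE_PHRASE = "abandon " * 11 + "about"

def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class GatedInstall:
    """Hypothetical local wallet whose app checks a TOTP code before use."""
    def __init__(self, phrase: str, totp_secret: bytes):
        self._seed = seed_from_phrase(phrase)
        self._totp_secret = totp_secret   # exists only on this install

    def unlock(self, code: str, now: int) -> bytes:
        if not hmac.compare_digest(code, totp(self._totp_secret, now)):
            raise PermissionError("2FA code rejected")
        return self._seed

def demo():
    secret, now = b"constructed-totp-secret", 1_700_000_000
    install = GatedInstall(SAMPLE_PHRASE, secret)
    good = totp(secret, now)
    bad = good[:-1] + str((int(good[-1]) + 1) % 10)
    try:
        install.unlock(bad, now)
        gate_held = False
    except PermissionError:
        gate_held = True
    seed_behind_gate = install.unlock(good, now)
    # A fresh install elsewhere has the phrase but no TOTP secret at all.
    restored = seed_from_phrase(SAMPLE_PHRASE)
    return gate_held, restored == seed_behind_gate

if __name__ == "__main__":
    print(demo())
```

The gate rejects a wrong code on the install that enforces it, yet the seed derived from the phrase alone is identical, which is why protecting the written phrase matters more than any app-level check.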
What it all means
To implement an effective 2FA system for Exodus, we would need to achieve the following: a reliable backup that doesn't require sharing user data as well as a way to prevent malicious restoration using the secret 12-word phrase, all while ensuring that you maintain full control of your funds. The only possible way of achieving this with the current technology is a hardware wallet like Trezor. For software, it's a difficult equation and the current software hasn't yet given us an answer for it, which is why traditional 2FA isn't in Exodus.
With all of that said, we're not going to stop improving the security of Exodus, and we will continue exploring how to implement an advanced version of 2FA that does not rely on a third party or hardware and works with a local app like Exodus.