Posted on

Crypto Exchange Kraken Makes 2FA Mandatory and Forms New Security Lab

United States-based cryptocurrency exchange Kraken announced that two-factor authentication is now mandatory for the exchange’s users.

Nick Percoco, chief security officer at United States-based cryptocurrency exchange Kraken, announced that two-factor authentication (2FA) is now mandatory for the exchange’s users in a post on the company’s official blog published on March 26.

2FA, in this case, is an additional component needed to access an account. Often 2FA requires the user, after entering their login information, to also enter a one time password (OTP) received via SMS. Per the announcement, Kraken supports Google Authenticator  and YubiKey as 2FA implementations.

YubiKey is a hardware device dedicated to generating OTPs, while Google Authenticator is a smartphone app meant to do the same. The post points out that 2FA was available as an additional security option to its users since Kraken’s launch in 2013.

The announcement also notes that the measure is part of a broader set of changes included in its security features roadmap that spans “into 2020 and beyond.” While the roadmap itself won’t be made public, Percoco claims that the future changes will be announced and will need action on the part of users.

The post also discloses the formation of the Kraken Security Labs, a team dedicated to enhancing the security of the company’s products and environments. Furthermore, the team will also perform vulnerability research against third party products, such as hardware and software wallets and related technology.

Percoco also promises that Kraken’s cybersecurity team will responsibly disclose the identified issues to improve the overall security of the crypto ecosystem.

As Cointelegraph recently reported, major hardware wallet manufacturer Ledger had unveiled vulnerabilities in its direct competitor Trezor’s devices. Trezor, on the other hand, responded by claiming that none of the issues identified were critical.

Fraudulent hacks are on the rise, with a recent report claiming that in Japan, the number of hacked Internet of Things devices and cryptocurrency networks nearly doubled in 2018 when compared to the previous year.

Posted on

Capital One Seeks Blockchain Patent for 'Collaborative' Authentication Tool

U.S. banking giant Capital One is working on using blockchain technology to usher in more convenient and secure user authentication methods for instances such as banking security.

In a continuation of a patent application submitted to the U.S. Patent and Trademark Office (USPTO) back in June 2017, Capital One sets out a blockchain system that will receive, store and retrieve encrypted user authentication data, according to a filing released Thursday.

The proposed idea is described as “a distributed, non-reputable record of authentication interactions” that allows users to authenticate themselves across multiple institutions, but limits how much personal information is shared between them.

In effect, the method retrieves identification data on a user when they commence the authentication process (assuming the user has a profile set up). The system will authenticate or reject the user based on the received authentication information, but the user data itself is kept securely on the blockchain.

The claimed invention is said to potentially reduce “time and resource burdens” for institutions when on-boarding new clientele. Furthermore, the filing adds, it would be a boon for users that may “resent” having to repeatedly authenticate themselves as they move between different institutions.

Thus, Capital One says, both institutions and clients “may therefore benefit from a collaborative authentication system that handles authentication interactions for multiple institutions.”

One business-focused use case for the invention is stated as fulfilling “statutory or regulatory requirements, such as ‘Know Your Customer’ requirements,” which most financial institutions around the world are legally mandated to abide by to reduce the risk of money laundering.

Capital One image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Social Network Adopts Civic's Blockchain ID System

Blockchain identity startup Civic has launched a decentralized verification system – and a social media platform for the crypto community is already moving to adopt it.

Dubbed “ID Codes,” the mechanism has been integrated with the website of Hilo, a social network platform for both experienced cryptocurrency traders and “newbies” that, when launched, will provide information on crypto tokens and prices.

According to Civic, ID Codes provide users and institutions with an independent way to authenticate their identity for social media profiles, company profiles and more. After users undergo verification by submitting a selfie and scans of their driver’s license and passport, the company provides them with a unique link and verified profile that is then encoded on Civic’s network.

CEO Vinny Lingham told CoinDesk in an interview that Civic is attempting to resolve what he considers to be the problematic notion that anonymity is a good thing.

“It’s not always needed and not always necessary. And in fact, it’s actually dangerous for people because they lose money,” he said – through giveaway scams, for example.

First conceptualized over a year ago, the development of the verification technology was prompted by the proliferation of fraud and scams in the cryptocurrency industry, particularly with initial coin offerings (ICOs) or token sales.

One common scheme Civic hopes to prevent, in particular, is the false listing of top industry executives as advisors on scam ICO websites – something of which Lingham himself has been a victim.

Community boost

It’s this use case, in part, that motivated Hilo to adopt the technology.

“Why we’re excited about Civic ID Codes to start off with is it allows us to authenticate our team members, our investors and our advisors on our website,” Hilo founder and CEO Monica Puchner told CoinDesk.

She went on to say:

“As we release to a global community, that’s kind of the first level point of contact that people will have with our website. So, being able to authenticate our investors and advisors is very paramount and important for us.”

Although still in beta, Hilo will also use Civic’s technology to validate its users’ identities. While they will not be required to use the service, users who do not undergo the verification process will be unable to comment on the site and reap any rewards. Puchner estimates that this will mitigate the issues with bots and trolls faced by social platforms like Twitter.

“We think that having that level of transparency and authenticating users at login is very important to kind of get away from the trolling experience and the bad behavior that is surrounding other sites,” she said.

Looking ahead

Lingham said Civic plans to fully roll out ID Codes in the third quarter of this year. The technology will be free for users, but businesses will have to pay to use the service.

In the short term, however, the company is giving businesses more than 100,000 tokens raised through its $30 million ICO held in 2017.

“That subsidizes the cost of operating the network because these tokens effectively pay for whatever they would normally pay out of pocket for,” Lingham said.

He thinks moving quickly is critical to being successful in the industry, and he has wasted no time finding other partners. Lingham said 60 to 70 businesses have committed to using ID Codes, and he also expects the companies he advises to adopt the technology.

“If you see me listed as an advisor somewhere and you don’t see the ID Code in probably the next month or two, you should probably double-check that, because I’m going to make sure all my companies start using it,” he said.

Paper dolls image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.