Author Topic: [ANN] Peermit 2-Factor-Authentication deployed in the TESTNET!  (Read 7415 times)

Offline roadscape

Built into the wallet now.. nice!! +5%

I tried to propose a tx, but I get: "Missing Active Authority 1.2.463". Strange, 1.2.463 is the account I just created (lock-it-down). I did verify that I have a 2nd authority and the threshold is 2.
You need to propose a transfer from ANOTHER account.
Also note that you have not added a reference account to your lock-it-down account.

This account shows you how things should be looking (take a look at the ACTIVE permissions tab):
https://testnet.bitshares.eu/#/account/tesaf11/permissions/

I will work on making it more clear that

a) you need a regular account as reference that can create proposals for the secured account and
b) you need to have the reference account added to your active permissions .. which is what step 2 in 2FA does

Ok, now I was successfully able to propose a transaction, but I don't see an email yet. (`roadscape` proposed for `lock-it-down` to send 10,000 TEST to `faucet`)
http://cryptofresh.com  |  witness: roadscape

Offline xeroc

Built into the wallet now.. nice!! +5%

I tried to propose a tx, but I get: "Missing Active Authority 1.2.463". Strange, 1.2.463 is the account I just created (lock-it-down). I did verify that I have a 2nd authority and the threshold is 2.
You need to propose a transfer from ANOTHER account.
Also note that you have not added a reference account to your lock-it-down account.

This account shows you how things should be looking (take a look at the ACTIVE permissions tab):
https://testnet.bitshares.eu/#/account/tesaf11/permissions/

I will work on making it more clear that

a) you need a regular account as reference that can create proposals for the secured account and
b) you need to have the reference account added to your active permissions .. which is what step 2 in 2FA does

Offline xeroc

I think I like this. Usually 2FA involves a cell phone account (a means to tie real world ID to an ID in virtual space). If I understand this correctly the 2nd factor in the approach you outline here is just another BTS account owned by the same person as the account you wish to secure. Not everyone uses a cell phone, or one tied to a verifiable, real world ID so this approach avoids that concern as well as preserving pseudo anonymity.

Do I have your 2FA approach correctly framed here xeroc?
It's about right. Yes. My lawyer is of the opinion that (once I formed a
legal Peermit entity), I don't need to know real world identities just
to provide this service.

As for PhoneID and other means of second factor verification, I do plan
to add other communication channels, such as maybe SMS, Telegram chat,
IRC or maybe later even add QR-code verification (little tricky) but
before doing so, I need to make sure the core functionalities are
stable.

Offline roadscape

Built into the wallet now.. nice!! +5%

I tried to propose a tx, but I get: "Missing Active Authority 1.2.463". Strange, 1.2.463 is the account I just created (lock-it-down). I did verify that I have a 2nd authority and the threshold is 2.
http://cryptofresh.com  |  witness: roadscape

Offline Thom

I think I like this. Usually 2FA involves a cell phone account (a means to tie real world ID to an ID in virtual space). If I understand this correctly the 2nd factor in the approach you outline here is just another BTS account owned by the same person as the account you wish to secure. Not everyone uses a cell phone, or one tied to a verifiable, real world ID so this approach avoids that concern as well as preserving pseudo anonymity.

Do I have your 2FA approach correctly framed here xeroc?
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech2 Witness Reports: https://bitsharestalk.org/index.php/topic,23902.0.html

Offline xeroc

After quite some coding, refactoring, cleanups and more refactoring of
processes as well as with the great progress made by jcalfee1 and svk, I
am proud to show the first minimum viable product for Peermit
2-Factor-Authentication in the testnet.

This gives you a free way to play around, setting up a secured account
and learning how things will most probably be deployed also on the main
network and hopefully gives me some material and feedback that I can use
to improve the UI and the backend code.

This is how it works:

1) Create a new account on http://testnet.bitshares.eu
2) Create a new "secured" account
3) Make a backup to secure the owner key that will give ultimate access to your account
4) Unlock your wallet
5) Open the Permissions page of your account and click on the tab "2FA"
6) Provide a mail address that shall be used to contact you on proposals. Click on the "register" button and wait for confirmation from the API server
7) Provide a reference account name (a secondary account that you have control over) that has to also approve any proposals. Click on the little 'add' button and don't wonder that your account name disappears afterwards
8) Enable 2 Factor Authentication
9) Finally publish the changes made to your account

Now you can essentially delete your newly created wallet that contains only one
(secured) account and for which you have a backup of the owner key.

If you open up your regular wallet, you can now open the account page of your
secured account and propose a transfer from that account (e.g. the initial 1M
TEST).

Once you have proposed that transfer, you should receive a (currently ugly)
email with a link to peermit.com. After providing the secret token (similar to
poloniex) to peermit.com, we will approve your transfer.

All that is left is that your reference account ALSO approves that transfer. To
do so, open the secured account. You should see the proposal below the list of
assets. Click on "Approve" and add your approval from the corresponding
accounts.

After that approval transaction has been confirmed, the transfer will be
executed.

Happy testing. I am looking for plenty of constructive criticism.

Cheers
 -- Fabian
« Last Edit: April 11, 2016, 02:05:21 pm by xeroc »
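
The active-permission layout that the steps in the announcement produce, written out as an added example (not part of the original posts and not Peermit's code). It checks whether a set of proposal approvals meets the threshold and audits an authority for the 2FA property. The account names `peermit-service` and `my-reference`, the placeholder key and the weight of 1 per entry are assumptions; only the threshold of 2 comes from the thread.

```python
# Added example with constructed data. The dictionaries follow the BitShares
# authority layout (weight_threshold, account_auths, key_auths).

SECURED_ACTIVE = {  # intended result of steps 6 to 9 (constructed)
    "weight_threshold": 2,
    "account_auths": [["peermit-service", 1],  # hypothetical 2FA service account
                      ["my-reference", 1]],    # hypothetical reference account
    "key_auths": [],
}

NO_REFERENCE = {  # constructed: a second authority exists, but it is not the reference account
    "weight_threshold": 2,
    "account_auths": [["peermit-service", 1]],
    "key_auths": [["TEST_PLACEHOLDER_KEY", 1]],
}

def approved_weight(authority, approvals):
    """Sum the weights of the authority entries that have approved a proposal."""
    entries = authority["account_auths"] + authority["key_auths"]
    return sum(weight for name, weight in entries if name in approvals)

def is_satisfied(authority, approvals):
    """True when the collected approvals reach the weight threshold."""
    return approved_weight(authority, approvals) >= authority["weight_threshold"]

def audit_2fa(authority, service, reference):
    """Return configuration problems; an empty list means the 2FA layout holds."""
    entries = dict(authority["account_auths"] + authority["key_auths"])
    threshold = authority["weight_threshold"]
    problems = []
    for required in (service, reference):
        if required not in entries:
            problems.append(f"{required} missing from active authority")
    if sum(entries.values()) < threshold:
        problems.append("threshold unreachable with the listed authorities")
    for name, weight in entries.items():
        if weight >= threshold:
            problems.append(f"{name} alone meets the threshold: no second factor")
    return problems

if __name__ == "__main__":
    print(audit_2fa(SECURED_ACTIVE, "peermit-service", "my-reference"))
    print(is_satisfied(SECURED_ACTIVE, {"peermit-service"}))
    print(audit_2fa(NO_REFERENCE, "peermit-service", "my-reference"))
```

Running the audit against an account's active authority before deleting the wallet that holds the secured account shows whether the reference account can actually contribute an approval.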