Fluvi Wallet provides an on-chain two-factor authentication (2FA) feature, requiring users to undergo 2FA when interacting with assets.
Unlike traditional EOA wallets that expose all assets to risk in the event of a private key compromise, Fluvi Wallet mitigates the risk associated with private key leaks using various on-chain 2FA methods.
What is 2FA exactly?
The basic principle of 2FA is to register, with a trusted party, a means of verification that only the user, and not a third party, can provide. Authentication then requires that verification. There are two main types of 2FA: Time-based One-Time Password (TOTP) systems like Google Authenticator, which generate codes from a secret key and the current time, and verification methods that use a secondary channel such as email or text messages.
How is on-chain 2FA different from normal 2FA?
Typically, a 2FA implementation lets the user proceed to the next step once the server confirms successful verification and relays the result to the frontend. However, this approach is rendered useless in the context of blockchain, because an attacker who steals the private key can bypass the verification and submit a transaction directly. To ensure security even against such hacking attempts, we have configured our system so that the server uses Amazon's Key Management Service (KMS) to sign transactions that have passed 2FA verification, which allows successful 2FA to be verified on-chain.
Of course, users who wish to use the Fluvi Wallet for its other features without 2FA can choose to disable this function.
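The following is an added sketch of the on-chain 2FA flow described above. It is not Fluvi Wallet's code: the server co-signs a transaction only after a valid TOTP code, and a verifier standing in for the on-chain check rejects anything that lacks that co-signature, even when the user's own signature is valid. The function names, the locally generated keys (a stand-in for a KMS-held key), the secret and the transaction strings are all assumptions constructed for the example.

```javascript
const crypto = require('node:crypto');

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) from a shared secret and the time.
function totp(secret, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Constructed keys: the user's wallet key and the 2FA server's signing key
// (generated locally here as a stand-in for a key that would live in a KMS).
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const userKey = newKey();
const serverKey = newKey();
const totpSecret = Buffer.from('constructed-demo-secret');

const sign = (key, tx) => crypto.sign('sha256', Buffer.from(tx), key.privateKey);
const verify = (key, tx, sig) =>
  crypto.verify('sha256', Buffer.from(tx), key.publicKey, sig);

// Server side: co-sign the exact transaction bytes only if the TOTP code is valid.
function serverApprove(tx, code, now) {
  const expected = Buffer.from(totp(totpSecret, now));
  const given = Buffer.from(String(code));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null; // 2FA failed: no signature is issued
  }
  return sign(serverKey, tx);
}

// Model of the on-chain check: the verifier holds only public keys and
// requires both the user's signature and the server's 2FA signature.
function onChainAccept(tx, userSig, serverSig) {
  if (!serverSig || !verify(serverKey, tx, serverSig)) return false;
  return verify(userKey, tx, userSig);
}
```

Because the server signature covers the transaction bytes, an approval issued for one transaction does not validate a different one.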