Security Suggestion for Crypto Exchanges - Withdraw Behavioral-Lock
Source
Are you tired of living with the threat of getting blind-sided by hackers, phishers & scam artists?
Exercising a moral bankruptcy that would make bailout-beneficiaries blush, such individuals think nothing of setting their sights upon their fellow humans and impoverishing them overnight. "Fair game", to a fair number among them, is anything that they can hit.
Well... I've Been Taking My First Tentative Steps Into Crypto Trade...
That is right. As of at this time I'm a 'crypto-n00b' converting his first Euros online to play 'Crypto Trader-Investor'.
Full disclosure achieved right here! Now you can choose to hear me out with eyes open. ^_~
Well... I have quickly figured out an important tool that seems to be missing on trade exchanges.
Source
The Ability to Behavioral-Lock Withdrawals
Let us say, for the sake of simplicity that on an exchange Donald has $2,000 dollars.
$1,500-worth of Cryptos A, B and C, and $500 in Fiat.
Let us also suppose that his username is predictable and his password for getting into his account happens to be 'TheBest' (In other words - lets just say that his security could be a LOT better (forget Two Factor Authentication also)).
And... a hacker gets in, and promptly tries to direct the exchange to send all the currencies to another account.
Source
Well - Donald 'did' put one security measure in place to prevent such.
He turned on the 'Withdraw Behavioral-Lock' security measure.
In doing so he set multiple layers of behavior-flagging conditions:
That he can only withdraw between 13:00 and 15:00 UCT
That he can only withdraw on Mondays and Fridays
That he can never withdraw more than $500 on any given day
And...
- That he won't be able to withdraw anything before December 26th the same year.
Source
Well...
The hacker found that things were quite smooth-sailing with the exchanges - and the exchange platform seemed to allow her to proceed.
However in truth there were a few problems.
Besides it being a Tuesday, and the collective amount of withdrawals exceeding $500, the date is a whole month and more prior to the December 26th date set.
So while the hacker seems to be doing OK, her activities are flagged upon multiple levels.
The session is suddenly terminated.
The email address associated with the account receives a report of the attempted access (including hint as to which behavioral protocols were violated), and a new password which replaces Donald's own. He 'could' try to use his old password to regain access - but he'd have to go through the whole identification verification process (again?).
Source
This is what I've got thus-far.
Of course there are further features that could be added - but to me it makes logical sense to implement some kind of behavioral checks for as far as this sphere is concerned. For as long as the fail-safes are fair and recovery is doable - then its fine.
As I continue to prod this alien dimension I am certain that further thoughts will come to mind, but in the meantime - I'll just conclude by mentioning that any crypto or fiat currencies depicted are merely for illustrative purposes and not intended to indicate favour or otherwise.
Similarly applies to 'Donald' who is a fictional character. Any semblance is partially coincidental - we are all influenced by our environment. ;c)
Source
I don't normally speak about cryptocurrencies - but this has been rumbling through my mind for a couple days. What is your take on security? Do you think the above might work? Do you foresee any issues?
Regardless of whether you find yourself in agreement or not - or just seek to educate me - I look forward to seeing you in the comments below. :c)
Also, if you found this post interesting and would like to share this with your followers and friends then a resteem is always appreciated.
Sincerely,
Previous Post: Nostalgic Game Design Focus - Bubble Bobble
An interesting possibility that I've never considered.
I think it would be safe to allow someone to select their own behavioral preferences.
It could save them a headache in the case of being hacked, however it may end up being just as much of a pain and would consider setting up an override anyway.
Limiting a persons transaction capabilities can also safeguard them from making a bad decision based on emotion, however it could also inhibit them from their full potential on a sure bet.
Thank you, @akrid, both for your up-vote as well as your excellent comment. :c)
That you had never considered this avenue I consider to be highly encouraging.
Depending upon how tight the behavioral controls are, I do suspect that this could thwart the vast majority of cases of wrongful access (phishing/hacking).
The only scenario where I could see any kind of override being desirable is a situation where one has placed a 'won't withdraw funds before X date' behavioral lock and ends up needing funds sooner (in which case a/he needs to reflect upon the possibility that s/he is engaging in over-investment) - or perhaps made a mistake. 26 Dec 2018 is a whole year beyond 26 Dec 2017.
In the event of such a mishap standard security checks could involve specifying the Day and month - although full ID verification (for exchanges where such applies).
For decentralized exchanges one could use a master password as an override. It might be an interesting feature for behavioral locks to offer to send emails or allow a print-out for one's personal records.
As for emotion - that is not the kind of safeguard that I had in mind - but I can see what you mean. :c) I personally feel that there should be as few hindrances as possible where placing traces are concerned (although I would favorably consider warnings where attempting to buy or sell outside the day norms of a given exchange (example - missing or appending a '0' in price). I'd consider such a three-click process (because once in a while, two-click is not enough).
Source
Thanks again! :c)