3s3s / opentrade

OpenTrade - Open Source Cryptocurrency Exchange
MIT License

Implement Speakeasy for 2FA #124

Open jonn4y opened 6 years ago

jonn4y commented 6 years ago

How hard would it be to add Speakeasy via npm to enable 2FA on the exchange?

I know @3s3s said he wouldn't add 2FA as email confirmations are suitable for security, but if you have access to someone's account you can just set a high sell on one account and buy all of one coin with it, essentially transferring the coins to your other account, and withdraw that way without the need to confirm the hacked account via email.

I have looked into Speakeasy and it could be as simple as adding a new column in the users table for the generated security key, then editing the login page, profile page, and wallet page (for withdraw) to ask for the 2FA code before logging in and withdrawing.

Before I look into it further and start giving it a try, has anyone implemented 2FA or has anyone used Speakeasy before?

Here is a link to a tutorial: https://davidwalsh.name/2fa and a link to speakeasy: https://github.com/speakeasyjs/speakeasy

jonn4y commented 6 years ago

I'm going to offer this up as a bounty; if someone can implement it, I am willing to pay.

daygle commented 6 years ago

I'm interested too, a heap of my members are requesting this.

ghost commented 6 years ago

Interested as well!

jonn4y commented 6 years ago

I have spoken with @3s3s over email and he said:

I'm very wary about including third-party code into exchange. Maybe in the future I'll do something like this as an option. But we must think carefully how not to harm the safety.

So I have asked if it's possible to add something like Poloniex with the PIN via email, like the attached:

[Two screenshots attached: 2018-09-19 13:09 and 2018-09-19 13:15]

ghost commented 6 years ago

That would be fine with me, or even: some exchanges have you input a 4-5 digit PIN number as 2FA. I believe crypto hub does this.

jonn4y commented 6 years ago

@TheRealHotSwap I knew one exchange did that, couldn't remember which one. That is also a good one for a temp solution until @3s3s can implement full 2FA (which a few people are willing to pay for implementing, and we could crowdfund if need be 😄). Entering a PIN would just be an extra field in the profile page for them to save the PIN, an extra column in the user DB field, and an additional page redirected to when user+pass is correct that then checks if the PIN is correct.