greenaddress / WalletCrx

GreenAddress open source client
https://greenaddress.it/
GNU Lesser General Public License v2.1

Temporarily disable Google Authenticator requirement #21

Closed mhluska closed 7 years ago

mhluska commented 7 years ago

I have a GreenAddress wallet with funds locked inside. The wallet has 2 factor auth with Google Authenticator enabled. I have:

I don't have:

How can I recover the funds? Does the wallet store a public/private key pair somewhere on disk? Can I recompile the desktop client in a way that it doesn't prompt for 2fa?

This is probably the wrong place to post so my apologies but I haven't been able to get in touch any other way.

mhluska commented 7 years ago

@greenaddress are you able to help? You seem to be purposely ignoring these sorts of issues.

I'm looking at my funds but cannot access them. I have the mnemonic, encrypted mnemonic and PGP secret:

[Screenshot attached: "screen shot 2016-10-07 at 2 07 52 pm"]

greenaddress commented 7 years ago

Dear mhluska,

Apologies for the late reply - we should have replied earlier.

In cases like this we have no way of making sure that we are not facing someone trying to bypass security. We take our users' security very seriously; we have never disabled two factor authentication for any user once they have set it up, unless explicitly authorized to do so via another two factor authentication method. We follow the restrictions that the user places on their own account without exception.

In this case the account was configured without a backup authentication method and it appears you did not backup or transfer that authentication method to your new device. If your coins are in a 2of2 account then you will need to recover your authentication, we cannot disable it in this or any other case.

If you transferred your funds to a 2of3 account then you can move them without two factor authentication since you have 2 of the 3 required signatures. If not, then unless you can recover your authorisation we cannot help you.

We remind users during two factor setup to make backups of things like OTP/Authenticator and to enable multiple two factor options to prevent this situation from happening. As noted, 2of3 accounts can be used to avoid requiring authentication also.

We understand this is upsetting for you, and we are actively working on potential solutions to overcome this problem in the future, such as CLTV/CSV and opt-in methods of resetting two factor authentication after an enforced delay and notification of the old methods. However these future mitigations require careful design and development to ensure that they cannot be exploited by attackers. I hope you understand that it may be some time before we can safely implement them.

In the future if or when there is a solution that can help you with the situation I won't hesitate to contact you.

Regards,
Lawrence
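The distinction Lawrence draws between 2of2 and 2of3 accounts is a threshold-signature policy, and it can be modelled in a few lines. The example below is added here and is not GreenAddress code; it is a constructed Python simulation in which the service's cosigner refuses to sign unless presented with a valid RFC 6238 TOTP code (the scheme Google Authenticator implements), and ECDSA signatures are replaced by keyed HMACs so that the script runs offline. The key material, the transaction bytes and the timestamp are all constructed placeholders. It shows why a 2of2 account with a lost authenticator is stuck while a 2of3 account with a user-held backup key is not.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, as used by Google Authenticator."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def mac_signature(key: bytes, tx: bytes) -> bytes:
    """Stand-in for an ECDSA signature (constructed simplification): an HMAC keyed
    with the cosigner's secret. Verification recomputes it with the same key."""
    return hmac.new(key, tx, hashlib.sha256).digest()


@dataclass
class Cosigner:
    name: str
    key: bytes
    totp_secret: Optional[bytes] = None  # set when this cosigner requires an OTP before signing

    def sign(self, tx: bytes, otp: Optional[str] = None, now: int = 0) -> bytes:
        # A 2FA-gated cosigner (the service) checks the OTP before releasing its signature.
        if self.totp_secret is not None:
            expected = totp(self.totp_secret, now)
            if otp is None or not hmac.compare_digest(otp, expected):
                raise PermissionError(f"{self.name}: refuses to cosign without a valid OTP")
        return mac_signature(self.key, tx)


def spend_allowed(threshold: int, cosigners: List[Cosigner], tx: bytes,
                  signatures: Dict[str, bytes]) -> bool:
    """m-of-n policy: the spend is valid when at least `threshold` cosigner
    signatures over tx verify."""
    valid = sum(
        1 for c in cosigners
        if c.name in signatures
        and hmac.compare_digest(mac_signature(c.key, tx), signatures[c.name])
    )
    return valid >= threshold


def collect(cosigners: List[Cosigner], tx: bytes, otp: Optional[str] = None,
            now: int = 0) -> Dict[str, bytes]:
    """Ask every cosigner to sign; a cosigner that refuses contributes nothing."""
    sigs: Dict[str, bytes] = {}
    for c in cosigners:
        try:
            sigs[c.name] = c.sign(tx, otp=otp, now=now)
        except PermissionError:
            pass
    return sigs


# Constructed scenario values (placeholders, not real keys or transactions).
TX = b"constructed-unsigned-transaction"
NOW = 1_700_000_000
USER = Cosigner("user", b"user-key-derived-from-mnemonic")
SERVICE = Cosigner("service", b"service-cosigning-key", totp_secret=b"authenticator-seed")
BACKUP = Cosigner("backup", b"user-held-backup-key")


def current_code() -> str:
    """What a still-working authenticator app would display right now."""
    return totp(SERVICE.totp_secret, NOW)


def spend_2of2(otp: Optional[str] = None) -> bool:
    """2of2: user key + service key. Without the OTP the service will not cosign."""
    cosigners = [USER, SERVICE]
    return spend_allowed(2, cosigners, TX, collect(cosigners, TX, otp=otp, now=NOW))


def spend_2of3(otp: Optional[str] = None) -> bool:
    """2of3: user key + service key + user backup key. Two user-held keys suffice."""
    cosigners = [USER, SERVICE, BACKUP]
    return spend_allowed(2, cosigners, TX, collect(cosigners, TX, otp=otp, now=NOW))


if __name__ == "__main__":
    print("2of2, authenticator lost :", spend_2of2())
    print("2of2, valid OTP          :", spend_2of2(otp=current_code()))
    print("2of3, authenticator lost :", spend_2of3())
```

Run as a script it prints `False`, `True`, `True` for the three cases: the 2of2 account cannot reach its threshold once the only OTP source is gone, whereas the 2of3 account reaches it with the two keys the user already holds, which is exactly the recovery path the reply above describes.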

adinxs commented 7 years ago

@mhluska so how do I recover? I don't want to use Google Authenticator.

pvdyck commented 7 years ago

When only one 2FA method is used and it could be lost, like Google Authenticator, you should enable a reset, especially when we have the mnemonic and PIN code.

Since all the other wallets are offering this solution, I suppose you are aware of this limitation.

Could you please confirm that you are doing it on purpose?

Thanks

greenaddress commented 7 years ago

@pvdyck unfortunately it is not that simple. We deeply care about security and won't disable any two factor authentication without an appropriate request.

For more information you can see our FAQ at https://greenaddress.it/faq