The most common 2FA tool at present is Google Authenticator. For individual users, however, Google Authenticator still has weak links in its product design that may lead to security risks.
Case number one:
Hackers steal Google's 2FA private key: Binance was hacked in the early morning
The official explanation for the theft: the hackers combined several attack methods. According to Binance’s announcement, “The attack was a large-scale systemic attack, in which hackers were able to obtain a large number of user API keys, Google Verified 2FA codes, and other related information.”
Using automated phishing attacks to trick 2FA security
Since a two-factor authentication code is mostly just a string of random numbers sent to you, all a hacker needs to do is trick the victim into handing over the code. According to the group, hackers deceive victims by sending fake security alerts that appear to be from Google and Yahoo.
Against this background, Cobo has been committed to improving security and has independently developed a more secure and convenient multi-factor authentication tool, Cobo Guard, which can better protect the security of your accounts and assets.
Cobo Guard generates a unique public/private key pair inside the device's encryption chip. The private key is used to sign authorizations; it never leaves the chip after generation and cannot be intercepted or extracted. The public key is used for signature verification and can be transmitted in plain text.
【How to use】
Log in to your Custody account and scan the binding code to associate your account with Cobo Guard. After the binding succeeds, the public key is stored in the Cobo server database as the unique identifier for your authentication. From then on, sensitive operations with high security requirements must be authorized by your Cobo Guard, and take effect only after the signature passes Cobo's verification.
1) After the account is bound to Cobo Guard, the system collects the user's public key for signature verification instead of the private key, which fundamentally avoids the risk of private key leakage that may occur with traditional 2FA tools;
2) Authorization can be completed with a fingerprint or Face ID. Compared with traditional 2FA tools that require typing in a random 6-digit number, Cobo Guard is not only more convenient and faster to operate, but also avoids the risk of a token entered in plaintext being phished or maliciously intercepted;
3) Messages authorized by Cobo Guard will be verified by the system in real time instead of the previous WeChat inquiry and verification method, which can improve your withdrawal efficiency;
4) Cobo Guard can clearly show you the content that needs to be reviewed and authorized in the form of text;
5) You can view all your authorized message records through Cobo Guard.
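
The binding and authorization flow described above, sketched as an added example (not Cobo's code): the server keeps only the public key and accepts a signature only for the exact request it issued. ECDSA over P-256, the field layout and every function name here are assumptions for illustration; the page does not say which algorithm or message format Cobo Guard uses.

```javascript
const crypto = require('crypto');

// Fixed field order, so device and server sign/verify identical bytes.
const canonical = (r) => JSON.stringify([r.account, r.action, r.amount, r.to, r.nonce]);

// Stand-in for the phone's secure chip: the private key stays inside this closure.
function createDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Called after the user has read the request text and passed the biometric check.
    approve: (req) => crypto.sign('sha256', Buffer.from(canonical(req)), privateKey).toString('base64'),
  };
}

// Server side: stores public keys only, so its database holds nothing that can sign.
function createServer() {
  const boundKeys = new Map(); // account -> public key PEM
  const pending = new Map();   // nonce -> request awaiting approval
  return {
    bind: (account, pem) => boundKeys.set(account, pem),
    challenge(account, action, amount, to) {
      const req = { account, action, amount, to, nonce: crypto.randomBytes(16).toString('hex') };
      pending.set(req.nonce, req);
      return req;
    },
    verify(nonce, signatureB64) {
      const req = pending.get(nonce);
      if (!req || !boundKeys.has(req.account)) return false;
      pending.delete(nonce); // one attempt per challenge, so a signature cannot be replayed
      return crypto.verify('sha256', Buffer.from(canonical(req)),
        boundKeys.get(req.account), Buffer.from(signatureB64, 'base64'));
    },
  };
}

// Constructed sample data: the account name, amount and addresses are made up.
function demo() {
  const device = createDevice();
  const server = createServer();
  server.bind('alice', device.publicKeyPem);
  const first = server.challenge('alice', 'withdraw', '1.5', 'addr-A');
  const sig = device.approve(first);
  const approved = server.verify(first.nonce, sig);
  const replayed = server.verify(first.nonce, sig);
  const second = server.challenge('alice', 'withdraw', '1.5', 'addr-B');
  const reusedElsewhere = server.verify(second.nonce, sig);
  return { approved, replayed, reusedElsewhere };
}
```

Unlike a 6-digit code, the signature covers the request content and a one-time nonce, so a captured approval is rejected when replayed or presented against a different withdrawal.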