Requirement:
EOS blockchain users should be able to opt-in for 2FA on their accounts. As soon as the 2FA is enable on one account, all the changes on that account should go through the 2FA workflow (that includes disabling 2FA setting, changing the permissions on the account, transferring tokens from the account).
Implementation details:
- A new table 2faaccounts (account name, 2FA flag, encrypted email address) is needed to store the users that opt-in for 2FA
- Each transaction signed by the user which has opted-in for 2FA is not sent right away for processing pool but put in another transactions pool '2FA transactions pool' along with a unique encrypted 2FA code, and with an expiration time of 5 min (can be adjustable, expiration time could be stored in the table 2faaccounts), and sends an email containing the unencrypted 2FA code to the email address of the account stored in 2faaccounts table.
- If a transaction is received which references one of the transactions IDs stored in '2FA transactions pool' and it contains a 2FA code that is matching the decrypted 2FA code saved along with the transaction ID stored in '2FA transactions pool' then the transaction stored in '2FA transactions pool' is deleted from the pool, mark as valid and sent to the processing pool.
- If a transaction stored in '2FA transactions pool' expires, it is deleted from the pool, marked as not valid and sent to processing pool, where it will just be stored in the chain as an invalid 2FA transaction.
Chain user workflow
Enable 2FA:
1.1. to enable 2FA user sends an action 'enable2fa' to contract 'eosio.system' with param account name and an email string as the third param
1.2. user receives email with the 2FA code
1.3. user sends a second action 'enable2fatk' to contract 'eosio.system' with the first transaction ID, and the 2FA code received via email
1.4. if the 2FA code is correct user has opted-in for 2FA from here onwards, the initial transaction is processed and stored on the blockchain
Disable 2FA:
2.1. to disable 2FA user sends an action 'disable2fa' to contract 'eosio.system' with param account name and a value of false
2.2. user receives email with the 2FA code
2.3. user sends a second action 'disable2fatk' which contains the ID of the first transaction, and the 2FA code received via email.
2.4. if the 2FA code is correct user has opted out of 2FA from here onwards, the initial transaction is processed and is stored on the blockchain
Tranfer tokens:
3.1. user sends an action 'transfer' to contract 'eosio.token'
3.2. user receives an email with 2FA code
3.3. user sends a second action 'transfer2fatk' with the 2FA code received via email
3.4. if the 2FA code is correct the initial transfer is processed and stored on the blockchain
Wallet user workflow
Transfer tokens:
1.1. user authenticates using the wallet
1.2. user sends some money to another account
1.3. user is announced by the wallet presentation view that he has to check his email for the 2FA code
1.4. user enters the 2FA code into the wallet and confirms the transfer transaction
1.5. transfer transaction is done
Enable 2FA:
1.1. user authenticates using the wallet
1.2. user enables 2FA using the wallet presentation view
1.3. wallet presentation view is asking for user email address to use in 2FA process
1.4. user confirms his email address and sends the transaction using the wallet
1.5. user is announced by the wallet presentation view he has to check his email for the 2FA code
1.6. user enters the 2FA code into the wallet and confirms the 'enable 2FA transaction'
1.7. user has now 2FA enabled
Disable 2FA:
1.1. user authenticates using the wallet
1.2. user disables 2FA using the wallet presentation view
1.3. user is announced by the wallet presentation view he has to check his email for the 2FA code
1.4. user enters the 2FA code into the wallet and confirms the 'disable 2FA transaction'
1.5. user has now 2FA disabled
The 2FA can be achieved in similar manner via TOTP (google authenticator), along side with email approach. Ideally both should be available for the user to chose from, and both should be implemented so the decentralized degree of the chain is not altered/lost.
Please let us know your thoughts and comments. If this would be implemented we believe benefits are clear.
@worbli @telos @wax @enumivo @evolutionos @eosio
Thank you,
eosromania22