Two-factor authentication is a way to vastly increase your security on websites by generating a unique password every 60 seconds.
Typically, users will install the Authenticator app on their smartphone or use a yubico.com dedicated hardware key. To log into a site or service that uses two-factor authentication, they provide user name and password to the site and run the Authenticator app which produces an additional six-digit one-time password. The user provides this to the site, the site checks it for correctness and authenticates the user.
For this to work, a set-up operation has to be performed ahead of time: Vaultoro provides a shared secret key to the user over a secure channel, to be stored in the Authenticator app. This secret key will be used for all future logins to the site. It is recommended that you print out and securely store your secret key so that if you loose or break your smartphone you can regenerate the same passwords on a new phone.
With this kind of two-factor authentication, mere knowledge of username and password is not sufficient to break into a user's account. The attacker also needs knowledge of the shared secret or physical access to the device running the Authenticator app. An alternative route of attack is a man-in-the-middle attack: if the computer used for the login process is compromised by a trojan, then username, password and one-time password can be captured by the trojan, which can then initiate its own login session to the site or monitor and modify the communication between user and site. The great thing is that the Google Auth app changes the password every 60 seconds, So an attacker has to very well timed indeed. Just in case this very low probability was to happen the attacker can not steal your coins because the payout address is locked.
Before you set up two-factor authentication, you’ll need to download the application to your smartphone.
Android,iOS, BlackBerry, or with a dedicated Yubikey device.