Charlie [IF] | #trinity-announcements
We have just released a new mobile version to our private alpha testing group. It will be available publicly very soon.
With this new version, we have decided to remove 2FA from all Trinity platforms. This is something we have been considering for a while, and with additional confirmation from the security auditors we decided that 2FA (in its current form) simply doesn't provide enough additional security for it to be useful. In the current implementation, 2FA is not used to encrypt the seed itself, but rather simply to provide an additional UI blocker to a would-be attacker from entering the wallet. While this does protect against an unsophisticated attacker that has access to the user's wallet and password already, an attacker with sufficient technical knowledge would be able to bypass that 2FA block either way. Due to the nature of TOTP 2FA solutions, it would not be possible to provide useful security without storing the encrypted seed on a centralised server. And in the Trinity team's opinion, cryptocurrency wallets should be decentralised as far as possible, and seeds certainly should never leave the user's device(s) or back-ups. But rest assured, even without 2FA, Trinity remains extremely secure, using widely recognised encryption formats and hashing algorithms, and its encryption methodologies have been comprehensively audited and deemed secure. We are looking into alternative 2FA approaches like U2F, and will hopefully have community-contributed Yubikey support in the near future.
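
The design point in the announcement, as an added example that is not Trinity's code: a TOTP code (RFC 6238) changes every time step, so it cannot be a stable input to the key that encrypts a seed, and a local TOTP check can only gate a key that is derived from the password alone. The KDF choice, iteration count, function names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (the secret is the RFC 6238 test secret).
SECRET = b"12345678901234567890"
PASSWORD = "correct horse battery staple"
SALT = b"constructed-salt"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def key_password_only(password: str, salt: bytes) -> bytes:
    """Assumed model of the wallet: the seed key depends on the password only."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def key_with_code(password: str, salt: bytes, code: str) -> bytes:
    """Hypothetical alternative: mix the current TOTP code into the key."""
    material = (password + code).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)


def gated_unlock(password, salt, code, secret, now):
    """2FA as a gate: the check needs `secret` stored on the device, and the
    key returned on success is the same key the password alone produces."""
    if not hmac.compare_digest(code, totp(secret, now)):
        return None
    return key_password_only(password, salt)


if __name__ == "__main__":
    k1 = key_with_code(PASSWORD, SALT, totp(SECRET, 59))
    k2 = key_with_code(PASSWORD, SALT, totp(SECRET, 60))
    print("code-derived key stable across time steps:", k1 == k2)
    gated = gated_unlock(PASSWORD, SALT, totp(SECRET, 59), SECRET, 59)
    print("gate adds key material:", gated != key_password_only(PASSWORD, SALT))
```

Both lines print `False`: a key mixed with the code could not decrypt the seed one step later, and the gate contributes nothing to the encryption key, which is why the announcement points to a server-held component or a hardware-backed approach such as U2F instead.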