Blog Feed
How to Secure Bitcoin Wallet
A couple of years ago Bitcoin made quite a stir all across the mainstream media when the price skyrocketed. People that never even heard about blockchain, cryptocurrencies or Bitcoin wallet suddenly started looking into buying some. That’s when more and more horror stories from people that lost all their assets due to a lost password or stolen keys started to appear in common press, like the Guardian. Though we’ve all been reading such horror stories on Reddit for years before that. I remember reading this article back then, the guy described in every excruciating detail how he forgot his PIN and tried to get access to his money for almost a year. I clearly remember thinking when I finished reading — “I wouldn’t want to live through something like that”. Yes, investing in a bit of cryptocurrency seems to make sense, but the risk is too high, it’s too easy to lose all my investment. Or is it? Luckily, I have done the research and know precisely how to protect my investments. And today I’m going to share that knowledge with you. Read on to find out how a BTC wallet works, what are available Bitcoin wallet types, and most importantly — how to secure Bitcoin wallet to get yourself a safe wallet and thus never have to publish your own horror story on Reddit. Here is a table of contents for your convenience: How does a Bitcoin wallet work What are the types of cryptocurrency wallets Hot cryptocurrency wallets 1. Web wallets / online wallets / cryptocurrency exchanges 2. Mobile wallets 3. Desktop wallets & Bitcoin clients Cold cryptocurrency wallets 1. Paper wallets 2. Hardware wallets How to protect hot cryptocurrency wallet 1. Keep only a small amount of Bitcoins in your wallet 2. Use two-factor authentication 3. Encrypt your wallet 4. Backup your wallet! 5. Keep your Bitcoin Software up to date but turn off auto-updates 6. Use multi-signature to protect against theft 7. Think about the future 8. A few more security tips How to protect cold cryptocurrency wallet Final word Read more Protect your online wallet with 2FA token How does a Bitcoin wallet work For the purpose of not making this post as long as the Song of Ice and Fire saga, we assume that you already have an understanding of blockchain, Bitcoin and how it works. Now, let’s take a look at a cryptocurrency wallet. Unlike a physical purse, it does not actually store any coins. All the cryptocurrency is compiled in the blockchain, which in its turn is accumulated on thousands of node computers across the world. What the wallet does contain are the Bitcoin address, public key and private key, which combined create a permission for the wallet’s owner to use the coins associated with it. Every Bitcoin address is unique, there are no two identical addresses. It looks like a string of random characters (both numerical and alphabetical, upper and lower case). Think about the Bitcoin address as a bank account number. Just like you’d do with a bank account, if you want someone to pay you, you simply give them a wallet receiving address. One bitcoin wallet can have an unlimited number of receiving addresses, generated by the public key assigned to it. The public and private keys are...
read moreKeylogger Definition, Detection, and Protection
There are hundreds, if not thousands, types of malware spread online. Out of them all, keyloggers can legitimately be considered the worst. We are not being dramatic here. If you get infected with a keylogger virus you basically show the hackers everything typed on the keyboard. Passwords, credit card credentials, messages, everything you search for, all of it gets to be exposed and easily stolen. Read on to learn: the keystroke logging definition, types of this malware you can come across, how keylogger software is spread, ways to check for keylogger ways to protect yourself from all the types of keyloggers and spyware. Keylogger definition Key logger, keystroke logger, also called system monitor, is a perfectly legal surveillance technology. When installed with your own hands on your own computer or smartphone, that is. Corporations commonly use this tool to track and troubleshoot tech issues and surreptitiously monitor their employees. Parents can use this software to monitor the ways their kids use the Internet too. There are known episodes when governments used the technology to collect and analyse info for crime solving. So what is keystroke logging? As the name suggests, keylogging is a process of recording every key clicked on a keyboard (both desktop and mobile). Keystroke logging technology allows for gathering info on login credentials, web browsing, basically, everything that involves typing, and then sending the collected info, often encrypted, to a server, where it can be decrypted and read. | Read also: How Does Brute Force Attack Work Types of keyloggers There are two ways to divide all the keyloggers into types. First one takes into consideration the way the recording is performed. With this approach all the keylogging can roughly be divided into the following types: Form-grabbing Memory-injection API-based Kernel-based Hypervisor-based The second approach divides them into software and hardware ones, and it’s much easier to understand. Hardware keyloggers As the name suggests, hardware keyloggers are physical devices. These devices can be either inconspicuous looking plug-in types that are inserted into the keyboard port, or modules embedded into the keyboard or the internal computer hardware. Either way, the criminals will have to gain access to the victim’s computer to plant the device. And to collect it to read the info later, since most of these devices do not transmit the gathered information back to the hackers. Software keyloggers Software keylogging is much easier to do. There’s no need to install a physical device, so no need to break into an actual office or home. All the criminals have to do is infect the victim’s computer, which is much easier done than you might think. Unlike a lot of other malware, keylogging software is not harmful to the infected systems. Their whole point is to stay hidden, operate under the radar and silently and continuously send logs of every action done with the keyboard back to the hacker. The most commonly used software keylogger is memory injection soft. This is essentially a Trojan virus altering the system memory to bypass security. Another popular software records every form submitted online from the infected computer. So if you submit a form to create, say, a bank account, the hacker will know every piece of data you submitted. | Read also: Social Engineering: What It Is and Why It Works...
read moreHow Does Brute Force Attack Work
Brute force attack is one of the oldest hacking methods, yet still one of the most popular and most successful ones. With computers and technologies evolving as fast as they are, bruteforce attacking is now fairly easy to run and more difficult to protect against. Brute force attack definition So, what is brute force exactly? Brute force definition can be given as such — it is a type of cryptanalytic attack that uses a simple trial and error, or guessing method. In other words — a criminal gains access to a user’s account by guessing the login credentials. Sometimes, brute force attacks are still done by hand, meaning that there’s an actual person sitting in some basement and playing a guessing game with your credentials. But, more often than not these days, the hackers use a brute force algorithm, or brute force password cracker, which is, basically, a bot that submits infinite variations of username/password combination and notifies the hacker when it gets in. What is bruteforce attack with examples Brute force has been around ever since coding was invented. Naturally, the public’s been informed about some high profile attacks over the years. Though we can safely assume we do not know about a lot of the ones in the past and ongoing break-ins. The most well-known brute force examples are: the 2016 Alibaba attack, when millions of accounts were affected; 2018 Magento break-in that resulted in a thousand admin panels compromised; another rather recent example occurred in Northern Ireland, where several accounts of parliament members were compromised; and our favorite — in early 2018 it turned out that Firefox master password is very easy to crack with brute force, which means millions of user accounts might have been compromised over the years it’s been widely used. So, how does a brute force attack work exactly? As we’ve already established, brute force hacking implies that someone is trying numerous combinations of username and password, again and again, and again, until they gain the desired access. So let’s say a username is as simple as “admin” and doesn’t take too much effort to guess (we bet that’s the first one any hacker tries). The password is a whole other story. Usually, a password requires at least 8 alphanumeric characters. There are 26 letters, if the password is lowercase and letters only (which it rarely is), so it makes for 26 possibilities for one character of the password. We can double that, because most passwords are case-sensitive. So it makes 52 possibilities for one character of a password. Add to that 10 digits and, for example, 5 special characters, and you get 67, which roughly makes 406 trillion combinations for the whole 8 characters alphanumeric password. | Read also: How to Choose and Use Strong Passwords How fast can a password be cracked How long does a brute force attack take? We have 406 trillion combinations. Seams like it will take centuries to crack, right? The answer is yes, if the bot attempts a thousand combinations per second. But the technologies evolve, remember? So, taking that into consideration, how fast can a random password be cracked? There are computers that can do a hundred billion guesses per second and get the correct password in a few hours. There are even super...
read moreSMS Authentication: All Pros and Cons Explained
It’s delightful to see that more and more websites, apps and services employ MFA and even make this type of log-in protection a mandatory feature. What makes us a bit concerned, is that a huge portion of those websites still opt for SMS 2fa. Despite the facts that SMS verification has too many limitations and has been proven to be a lot less secure as any other two-factor authentication method. In fact, NIST (the National Institute of Standards and Technology) has issued a recommendation to replace SMS authentication with other types of MFA back in 2016. We do believe that SMS protection is way better than no protection at all. But is SMS secure? If it’s not, why so many companies continue to use it? Is SMS two-factor authentication really as evil as they say it is? What can it be replaced with? Let’s find out! SMS Authentication Pros SMS two-factor authentication is still alive and striving partly because of SMS ubiquity. It is a standard feature of most mobile plans from basically every mobile operator all over the world. Even if a user has no smartphone, they most probably have a simple mobile phone, which supports SMS.It is easy. There’s no need to download any apps, scan any QR codes, etc. SMS has been around for quite a while (the first SMS was sent back in 1992), even my grandmother knows how to use it, and she’s 90. So if you’ve got a non-tech savvy user you can bet they will be able to use an SMS authentication code, while a more advanced MFA type might become an issue.Finally, if someone tries to breach your account, an SMS code will be delivered no matter what. Some MFA apps, for instance, might malfunction in this scenario if there’s no Internet access. And with a two-factor authentication SMS you’ll know for sure something’s not right. Unless, of course, it’s a spoof SMS, or you are not the one receiving the verification password. And that’s where we come to the cons of SMS MFA. SMS Authentication Cons As a number of infamous data breach scandals has shown over the last couple of years – breaking into an SMS protected account is not that hard for an average crook, and very easy for a well-equipped and motivated one. The well-known Twitter break-in was done by impersonating the victim and convincing the provider company to transfer the victim’s text messages to the perpetrator’s SIM card. This is rather easy to do, especially if the criminals know some other bit of information about you, your social security number for example.A similar way to intercept your SMS one-time passwords is again by impersonating you, but this time requesting your telecom service provider to transfer the service to a different carrier. The criminals simply set up with another provider and carry on with their crime.Most of the SMS-based MFA systems offer a recovery option in case a user loses their phone or changes the number. If the hacker has access to your email they can reset the 2FA system, use the fake phone number for verification and you won’t even notice until it’s too late.If you are still wondering how secure is SMS, just consider the following. All the telecom infrastructure around the world relies on...
read morePayPal Two-Factor Authentication with Hardware Security Key
PayPal two-factor authentication became available to users in far 2007. Everybody wishing to protect their PayPal login could order a $5 security token directly from their account. Unfortunately, later the company discontinued the use of its own hardware tokens in favor of SMS-based authentication, decreasing PayPal security considerably. But the situation with PayPal two-factor authentication is changing once again, for the better now: Since 2018, you can use MFA applications to log into PayPal (Google Authenticator, Protectimus Smart, etc.) As MFA apps are available, it’s also possible to use hardware security keys again. There’s just one catch — only programmable tokens will fit for PayPal two-factor authentication. Buy hardware security key for PayPal How do I enable PayPal 2FA? Step 1 To activate two-factor authentication in PayPal sign in your account and navigate to the settings menu. Step 2 Choose the Security tab. Step 3 In the “2-step verification” section, click Set Up. Step 4 At this point, you’ll need to choose one of the available two-factor authentication methods: SMS or MFA application. Programmable hardware tokens can be linked with PayPal as MFA applications. SMS. When you choose SMS authentication, you’ll need to provide a real phone number. You’ll instantly receive a message containing a PayPal security code to confirm the number is correct. We don’t recommend using SMS if you’re able to set up a 2FA app instead or order a hardware token for use with PayPal. 2FA app. Choose this option if you want to link an in-app PayPal authenticator, or the Protectimus Slim NFC – programmable PayPal security key. Step 5 If you haven’t already installed a one-time password generator app, install a free app Protectimus SMART OTP or any other 2-factor authentication app. If you want to use a hardware security token, you’ll need to already have one at this point. It must be a programmable TOTP token – Protectimus Slim NFC or a similar one. The process to link a programmable hardware token to PayPal is no different than the process of linking a two-factor authentication app. To set up the token, you’ll need an Android smartphone that supports NFC. At this point, you’ll see a QR code containing the secret key. Scan this secret key using a two-factor authentication app, or using the Protectimus TOTP Burner app if you’re linking a hardware PayPal security key Protectimus Slim NFC. If you aren’t able to scan the QR code, you can input the secret key manually. You’ll find detailed instructions for programming the secret key into the Protectimus Slim NFC token here. Step 6 To finish setting up PayPal 2-factor authentication, generate a one-time password with your token and enter it in the provided field. Step 7 Create a backup token. If you lose access to your current token, you can restore access to PayPal with your backup token. Remember that if you choose SMS authentication for backup, your PayPal account login will be less secure, even if you linked a hardware security key in the previous step. The best option is to use a hardware token as your main means of authentication and a 2FA PayPal app as a backup, or the other way around. | Read also: How to Backup Google Authenticator or Transfer It to a New Phone What’s the best option...
read moreHow to Get Protected from RFID Credit Card Fraud
Remote stealing of money from bank cards embedded with RFID chips, which is also called an RFID credit card fraud, is quite common for all countries where people use RFID cards, especially for the US and Europe. Let’s try to figure out how this happens and what should you do to protect yourself from such attacks. The RFID technology simplifies the process of cashless payments and is used by international payment systems MasterCard (PayPass) and Visa (PayWave). The convenience of such cards is that when making a purchase for an amount not exceeding a bank-specified limit (in the EU – 25 euros, in the U.S. – $15, in the U.K. – 20 pounds, in Russia – 1000 rubles), the owner doesn’t have to enter the PIN-code or leave a signature on the check. A crooks’ scenario is similar to that of car hijackers. Their task is to get closer, wait for the right moment and seize the necessary data promptly – whether it’s an intercepted signal of an electric lock or an RFID credit card fraud. To steal money from the bank cards remotely the crooks use improvised contactless readers, which work similar to a PoS-terminal – a legal RFID-reader, but they are much more functional. To obtain the necessary information the hackers need to move this reader to the card at a distance of 5-20 centimeters. The thus-obtained data is either saved or transmitted to the counterfeit cards for future use. Even if the card with an RFID-chip is PIN-protected, its number and expiration date are enough for illegal transactions or even creation of a counterfeit magnetic stripe of the card. Coming from the above, even if your wallet with credit cards is securely hidden from prying eyes and hands deep in a pocket or handbag, you can still ‘get robbed’ in a public transport, street crowd, or even at a cash register at a supermarket. Any owner of a card with a contactless payment technology can be attacked. | Read also: The Most Common Ways of Credit Card Fraud How to get protected against RFID credit card fraud? There are not so many ways to protect yourself from the RFID credit card fraud: Data protection experts advise using special bags and wallets with insulation. It is also possible to complicate the task for the hacker having put a few credit cards in one place. Moreover, a few years ago Betabrand clothing manufacturer and anti-virus company Symantec cooperated to design jeans and blazers with pockets made using a special silver RFID-blocking material that prevents the scanner rays from passing through. Ready Jeans with a front and back left pockets being ‘under the Norton protection’ cost $168, and enjoy great popularity in the U.S. A Jacket Work-it at the cost of $198 is a little bit less popular than denims, but it is only because jeans are a more unique garment than the expensive blazer. It’s sad that even if using all the above mentioned costly data protection methods and complying with all safety rules, we cannot fully protect ourselves from phishing, online skimming, social engineering, MITM attack, etc. Thus, as a two-factor authentication provider, we also advise to be always cautious, careful and turn on two-factor authentication for every online bank operation you do in advance. Using 2FA...
read moreTime Drift in TOTP Hardware Tokens Explained and Solved
Multi-factor authentication by a Time based One Time Password (TOTP) generated with a physical device is, without any doubt, the staunchest approach to safeguarding sensitive data and securing access to your invaluable accounts. But being physical objects and having no internet connection gives physical TOTP tokens both their main strength and their major drawback. Without any connection to the net, the tokens’ internal clocks inevitably start drifting, and in a few years, this clock drift may become a major issue. In this post, we will look into the time drift problem with TOTP hardware tokens in detail, see exactly why and how this issue occurs, describe how TOTP works and show you how we finally solved the time synchronization problem in the latest Protectimus Slim NFC tokens generation. Buy TOTP token with time synchronization feature Protectimus Slim NFC How does the TOTP algorithm work? As has been mentioned above — TOTP is an abbreviation of Time-based One-Time Password. It’s a standardized cryptographic algorithm for generating unique one-time passwords, that remain valid only for 30 seconds. TOTP algorithm is a branch of HOTP – HMAC-based one-time password algorithm, so to understands TOTP it makes sense to understand the HOTP algorithm first. What is the difference between TOTP and HOTP? TOTP one-time passwords are valid only for 30 seconds. HOTP one-time passwords, in their turn, remain valid until the server receives a new one-time password verification request. TOTP algorithm is a much more secure version of the HOTP algorithm. HOTP HOTP is the parent OATH one-time password generation algorithm that generates a one-time verification code by mixing a secret key (a shared value) with a counter (a moving factor – variable). A counter is the event of generation of the OTP password. Every time a new one-time password is created, the number of events increases by one, and this monotonously increasing value is used as the variable in the HOTP algorithm. A secret key is the line of symbols shared by the authenticating server and the device on the user’s end (2FA token). The HOTP algorithm processes and hashes the input data (secret key and the current counter value), them cuts the resulting hash to 6 or 8 characters, and this is when we get the one-time password shown on the OATH token. TOTP TOTP algorithm works exactly like HOTP, but, in its turn, gets its moving factor from the running time interval. In other words, TOTP algorithm generates one-time passcodes by mixing a secret key (a shared value) with a current time interval (a moving factor – variable). Therefore, it is very important for the current time on the server and on the token to match. | Read also: One-Time Passwords: Generation Algorithms and Overview of the Main Types of Tokens How do TOTP tokens work? All of the existing multi-factor authentication tokens may be roughly split into two types — the software ones, which refer to using the user’s phone for generating or accepting one-time passwords (authentication apps, chatbots, etc.) and hardware ones (re-programmable or classic hardware OTP tokens). The TOTP algorithm itself can be used in any of these types of MFA tokens, but there’s a slight difference in their setup. Let’s dig deeper into this rather complex process. The TOTP token enrollment First of all, the user...
read moreTwo-factor authentication for Windows 7, 8, 10, 11
Since Windows is one of the most used systems, especially among various businesses, it makes sense to thoroughly protect it. Protectimus has an excellent two-factor authentication software for Windows 7, 8, 8.1, 10, 11. In this article, we will look into how it works and how to set it up. And we will address the most common questions on our two-factor authentication for Windows login. How does two-factor authentication for Windows login work Two-factor authentication for Windows login is rather simple. The process consists of two successive levels of login, just as the name suggests. First, the user has to sign in with their common Windows credentials (their regular username and password). On the second level, the user has to enter a one-time password (OTP). This password is valid only for 30-60 seconds and can be delivered or generated via a number of different ways, the user can choose which way they prefer. It can be a chat-bot message, 2FA app, email, SMS or one of our hardware security tokens. Windows 7 two-factor authentication ensures there’s minimum to none risk for the Windows user account to be breached if the user’s regular password is compromised. In this unfortunate case, the criminals will have to get access to the user’s email, phone or hardware token, which is much harder to accomplish. And at the same time, if the phone or OTP token is compromised, the attacker still has to guess the password. Besides, each one-time password generated by your two-factor authentication token can be used only once and is time sensitive. This means that the generated code will simply expire and won’t be usable within 30-60 seconds. Which makes it almost impossible to intercept and have the code used for unauthorized access to the protected Windows account. | Read also: 10 Windows Computer Safety Tips How to set up two-factor authentication for Windows 7, 8, 10, 11 It is very easy and fast to set up Protectimus dual factor authentication Windows solution and have your Windows 7, 8, 8.1, 10 or 11 thoroughly protected from unauthorized access, the whole process usually takes less than 15 minutes. This Windows two-factor authentication software is designed both for individual and business users. So it’s very easy to set it up. The set up can be done by any user themselves without involving an admin with special skills. 1. Create account in Protectimus Service Fill out the registration form and create your Protectimus 2FA service account. 2. Activate a Service Plan Choose a service plan and make sure to activate it, even if it’s a Free service plan. The API won’t function unless a service plan is activated. It can be deactivated at any time. 3. Create a Resource To group and easily manage the users and tokens we use Resources. So the first step to actually start using Protectimus MFA for your Windows is to create a Resource, which is done by clicking one single button and giving a name to the Resource you created. 4. Enable Automatic Registration of Users and Tokens Once a Resource is created, switch on automatic registration of Users and Tokens. When the automatic registration of Users and Tokens is enabled, your users will enroll their tokens themselves during their first login to the Windows account after you install the...
read moreElectronic Visit Verification with Hardware Tokens
Protectimus multifactor authentication solution is an ingenious, versatile system that can be used in many ways, from helping developers implement two-factor authentication on their apps and services to protecting an end user’s Office 365 account with the help of hardware tokens. Our team made Protectimus system truly versatile, it could be customized to create even the most unconventional solutions to fit our clients’ needs. In this article, we will describe in detail one such unconventional solution we created on the basis of Protectimus multifactor authentication — electronic visit verification system. You will learn what electronic visit verification actually is, where it is used and how the EVV solution from Protectimus works. Contact us for more information What Is Electronic Visit Verification? Simply put, EVV is an automated solution for home care workers that collects info on the time of attendance and all the necessary details of the care plan. Electronic visit verification software gives such care services as Home Health, Home Care and Hospices an easy and sustainable way of verifying visit activity (type of home care service, individuals receiving and providing the service, date, exact time and location the service was provided at) and ensuring the patients are never neglected, eliminating even the possibility of fraudulent home visit documents. EVV is mandated by a number of states and recommended by those that do not mandate it. The system is widely used by most states and other payers, as it is a far more reliable and effective way of monitoring caregivers than any document signed by hand can be. And with the 21st Century CURES Act passed, it became a requirement for all homecare providing facilities to have EVV adopted by 2023. EVV was invented way back in the 90s, since then the technology has moved worlds ahead, so new ways of implementing EVV are currently in demand. | Read also: Why is healthcare data security so important? How does Protectimus electronic visit verification system work? Time-based one-time passwords generation algorithm (TOTP) allows for calculating the exact time of when the used passwords were generated. This feature is what made it possible for us to build one of the most user-friendly EVV solutions on the market. Protectimus electronic visit verification system can be used with one of these hardware tokens: Protectimus Two, Protectimus Slim or Protectimus Crystal. Here’s how it all works exactly: The homecare provider or facility delivers one of the above-mentioned hardware tokens to a patient’s home. When the appointed healthcare specialist comes for a visitation he or she needs to turn the token on, generate a one-time password and write the provided code down. Once the home visit is done with the healthcare worker needs to generate a second TOTP and write it down as well.These two one-time passwords have to be passed on to the Protectimus electronic visit verification system next. Doing it is very easy — the healthcare specialist simply needs to call a special number and enter the patient’s id number and the two passwords generated during the home visit. The passwords can be sent over to the EVV system in bulk for all the patients visited in a day by the end of that day, or the call can be made after each and every visit.After Protectimus EVV system receives the passwords,...
read moreLiteBit 2FA with a hardware token
LiteBit 2FA (two-factor authentication) is mandatory for its users. This cryptocurrency exchange pushes you to set up 2-factor authentication during registration and it’s impossible to skip this step. It is also impossible to disable two-factor authentication in LiteBit, you can only change one authentication method to another. Unfortunately, LiteBit 2FA offers only two options by default: SMS authentication or authenticator app. Neither of these two-factor authentication methods can ensure maximum security. SMS authentication is vulnerable to SIM card replacement, smartphone viruses, and interception of one-time passwords by exploiting the cellular network vulnerabilities. Authenticator apps are also vulnerable to smartphone viruses. Also, people often lose smartphones or have to reset their devices back to factory default settings. This causes a lot of troubles with the recovery of all authentication tokens enrolled in authentication apps. We suggest you choosing hardware tokens for LiteBit 2FA instead. Fortunately, there are Protectimus Slim NFC – programmable hardware TOTP tokens. Protectimus Slim NFC are made to replace authenticator apps on all websites that don’t offer hardware OTP tokens by default. Buy a hardware token for LiteBit All you need to connect Protectimus Slim NFC token to your LiteBit account is an Android smartphone with NFC support and the token itself, of course: Download the application Protectimus TOTP Burner from Google Play.Use this app to scan the QR code with the secret key.Program the hardware token with this secret key via NFC. But let’s describe how to set up LiteBit 2FA with hardware token Protectimus Slim NFC in details. LiteBit 2FA with a hardware token Protectimus Slim NFC 1. Sign in to your account. To avoid phishing make sure you use the right URL: https://www.litebit.eu/ 2. Go to account settings. 3. Find 2FA settings. 4. Click the button “Change your 2FA settings”. 5. Either you use SMS authentication or Authenticator app, you’ll need to change your authentication method to another. Our goal here is to initiate the enrollment of a new secret key for the Authenticator app. So: if you use SMS authentication, just change your LiteBit 2FA settings to Authenticator app;if you use Authenticator app, at first you’ll have to change your LiteBit 2FA settings to SMS, and then back to Authenticator app. 6. So, start changing your LiteBit two-factor authentication method to Authenticator app. Choose “Authenticator app”. 7. You’ll get a 2FA code for SMS authentication deactivation via SMS. Enter it in the corresponding field. 8. You don’t need Google Authenticator, so just skip this step. 9. At last, you’ll see a QR code with the secret key. Use it to program the Protectimus Slim NFC token. The detailed instruction on programming Protectimus SLim NFC token is available here. 10. After the token is programmed, you’ll need to enter the 2FA code from the token in the necessary field. 11. If everything has been done successfully, you’ll see a recovery code. This code will help you to recover access to LiteBit if you lose your token someday. Save it very carefully, nobody should ever get access to this code. Then click the “Complete” button. That’s it. Please, let us know if you have any questions in comments or via...
read more