AlphaBay Market Announces Mandatory 2FA for Users
The AlphaBay Market announced earlier this month that they would begin enforcing stronger security measures to protect their users in the wake of an increased level of phishing attacks hacks user’s accounts. These new account security tactics consist of pin based logins and 2FA authentications (also known as Two-Factor authentication) to help deter the success of phishing attempts. The new security measures will be encouraged to all shoppers while becoming mandatory for Darknet vendors.
“We now enforce mandatory 2FA (two-factor authentication) for all vendors. This is part of an increasing effort to stop phishing on the marketplace. We recommend that everyone uses 2FA for more security,” was the announcement displayed on AlphaBay Market’s homepage for all users last week.
While it’s great to see the admins of the AlphaBay Market take the initiative of further protecting their visitors, it makes one wonder why popular clearnet based sites such as Google, Amazon and others alike have not already initiated these steps. Google and large ecommerce websites such as eBay and Amazon have been prime targets for hackers over the last several years. Sure they encourage their users to regularly update their login credentials and take further steps to avoid hackers from gaining access to their accounts, but with so much sensitive user information only a well made phishing page away why haven’t such sites begun using 2FA authentication? It’s been proven time and time again that a simple password alone is not strong enough protection for popular websites.
What is 2FA Authentication?
But what is 2FA authentication and why should it be implemented among all sites that contain sensitive information? 2FA authentication is based on PGP (Pretty Good Privacy) encryption. Basically the website utilizing Two-Factor Authentication would require it’s users to upload a public PGP key to their account information and everytime they attempt to login the website would send an message encrypted by the public PGP key. The user would then need to decrypt the message using their private PGP credentials that only the have access to and enter the decrypted message into the website. While it may sound a bit technical to those new to PGP encryption, its actually a very simple, quick extra step that could alleviate any potential risks of having one’s personal information compromised. Even if a hacker was to steal the password to a user account, they would not be able to gain access without authenticating the encrypted message sent from the target website.
AlphaBay also gives users an option to use what they call a pass phrase. The pass phrase is a mnemonic list of seven words that are required when retrieving a password that has been lost or forgotten. Without a pass phrase set up then the user will not be able to recover their forgotten password and will lose access to their account. Alphabay also requires a 6 digit pin number for withdrawing bitcoin as a third layer of protection against hackers.