Here’s a move that could come as a relief to traders on Bitstamp. A user with the handle “IamAlso_u_grahvity” posted a screenshot on the Bitcoin page at Reddit.com showing a withdrawal screen at Bitstamp, which now has a field for a two-factor authentication code, effectively adding a much-needed layer of security to the platform. The company also tweeted about the feature on Wednesday afternoon:
#Bitstamp is happy to introduce a new security feature – two-factor authentication for #Bitcoin & #Ripple withdrawals.
The use of the feature will greatly reduce the risk of a user’s funds being withdrawn fraudulently, assuming the user has the option enabled.
Despite the good news, some in the community think this should have come long ago:
“That’s already overdue for a long time. They should’ve implemented it last year… But still, good step forward,” wrote one user in response to the screenshot.
“About time,” another said.
Exchanges are taking the security of user funds extremely seriously, especially since the downfall of Mt. Gox, in which millions of dollars’ worth of user funds were lost due to what is assumed to be poor coding and security behind the platform’s software.
Isn’t that *three* factor authentication? To withdraw coins from Bitstamp, you already have to be [1] logged in (requiring a password) and [2] confirm withdrawals through email. And now, it also requires [3] an authentication code. Great stuff.
This is still an in-band solution, which means it is still vulnerable to man-in-the-middle attacks (MITM). Anytime you have to type a code back into the browser you’re using, it is in-band. The only way around MITM is through an out-of-band solution. Take Toopher, for example: it’s a 2FA solution I use through my LastPass (password manager). Toopher pushes the authentication to your smartphone and you authorize directly on your phone, rather than typing something back into your browser. It even has an automation feature that allows you to bypass having to do anything extra after typing in your normal credentials. So it’s secure and doesn’t annoy you, which I find many 2FA solutions do, like the one mentioned in the article.