Proposal:Implement Optional and decentraliced securitie layers like 2FA, KYC or face recognition

If we want to atract money from traditional banking I think securitie and trust from the noob users must be a priority. Adding more securitie features like 2FA, KYC… would atract more users from traditional banking, they will be more confortable using the platform if they know its imposible or very difficult to hack an account. A hacker can easily hack a private key from a noob user, enabling 2FA or 3FA options would be nice for the noob user. A optional KYC, may be an option for disabling withdraws and token transfers until completing a secure KYC. Preventing any posible hack would make more atractive the platform.

A problem could be (for Aave stakers) that token can be transfered when its staked (stakedAave token), I dont like this system, I have too much money in stakeed aaves and Ive got some fear a hacker hacks my private key, I know how to store it securely but fear is fear…I would be more confortable if a hard KYC or 3FA its asked when I want to unstake my tokens. I thought on selling my tokens because for me securitie of private key isnt enough

Zengo tech creates the seed of your wallet throw a Face recognitsion technology, crypto funds must be 100% safe if we want to be adopted by masses, a seed its not 100% safe.

1 Like

Use a hardware wallet to interact with DeFi. They don’t reveal your private key, and you shouldn’t type your seed online or on your computer if you do have a hardware wallet. That alleviates all of your concerns there as the attackers would need to physically have your hardware wallet to do anything.

2 Likes

No, no, and no!

We don’t need more security or trust by adding KYC…

1 Like

KYC is not a security feature like 2FA, you’re lumping together very different things. 2FA would be your wallet’s feature, not Aave’s.

As for traditional banking users, I think Aave is better off focusing on being a permissionless liquidity protocol. TradFi organisations that want access to DeFI and do not want to handle self-custody and key management would use services of a professional custodian.

4 Likes

May be I did not explain myself well, I think future banking dapps will implement this features to atract traditional users. Im proposing optional securitie features, not mandatory. I propose KYC because if its hard to hack can be a 2FA factor to authenticate the user.

Investors always have fear to a hack, the more securitie layers and options has a dapp more atractive would be. Now a hacker just stealing the pri vate key of your wallet has access to all your funds. In traditional banking you must verificate your ID to move your funds and thats why people feel his money is safe. Implementing a KYC to cashout your funds IMO doesnt meen dapp would be more centralized may be can be implemented with decentraliced ID apps .like civic. Just think about it, traditionak bank users will never think a private key is enough secure.

I would hope this DAO was a “K” word free zone
Just seeing those 3 letters starting with a K is sad and scary to me it’s going back :pensive: we should move forward instead not backwards…

Aave should be for ALL no exceptions and ALL should have access to AAVE i believe because it’s that important to people and even more important then token go up I must say.

Have that said decentralized Id apps is an option that’s interesting but only if anyone can get a decentralized id , with no exceptions, not sure how that works haven’t spent much time learning that.

Cheers :beers:

You do realize that even if you perform KYC, so long as I have your private keys I can still move your money right? KYC doesn’t protect the user from this scenario. KYC does more harm than it does good. Example being, KYC typically requires photo identification, address and if you’re in the US you probably need an SSN. All of this information will be stored on a 3rd party centralized server, because I doubt AAVE would have the capability to implement KYC for the entire world. Knowing this, this is an attack vector as seen with the Ledger hack. KYC also alienates a large amount of potential users of the platform. Let’s say AAVE does implement KYC but they can only provide service to those in the UK, well you’ve just eliminated all of North America, South America, Asia, Africa and most of Europe.
The best security approach is to eliminate the idea of private keys in general. At least from the users perspective. Loopring and Argent are two working solutions and also implement social recovery of your wallet. You also still have the option to use a Hardware wallet like Trezor, which does not reveal your private key.

2 Likes

You cannot “force” KYC or 2FA on blockchain contracts. It’s impossible, and it’s one of the main reasons I think we’re different from TradFi! We literally cannot discriminate!

Anyway, I get what you mean about attracting bankers & institutions, I do- but this is the tradeoff. We cut out the middlemen and eradicate discrimination, but we can’t individually protect anyone’s funds. That’s just how DeFi works, and it’s more than worth it in my eyes.

The wave of institutionals will likely coincide with more conservative markets, more developed on-chain insurance and potentially services specialized in bridging TradFi and DeFi. They will come.

Lastly, I recommend using a hardware wallet and maintaining a secure environment (maybe use Linux? -recommended by @Emilio ) when signing transactions. You are 100% responsible for your funds though- always.

3 Likes

If you want someone to listen to you, you should argue instead of insult.

My proposal to implement more optional security measures is to attract more money from traditional banks, if there were more optional and decentralized security layers, traditional finance users would feel more comfortable investing money in the aave app

Ok Sir.

AAVE will be more valuable than ANY traditional Bank the way it is don’t worry about that.

All we have to do is avoid KYC. Unless is 100% decentralized and available to anyone with internet access than ok we can talk more…

Have that said , it would ruin the experience putting another layer of burocracy in a Decentralized Application that’s not very wise in my opinion.

I understand your point and where you are coming from…

But I think you are missing the bigger picture here.

Not having KYC makes the tech available to countless more people and that’s undeniable.

And if that is undeniable I rather not have KYC because I want more people to use this tech ; and people that don’t have banks too ; instead of bringing money from people on Tradfi, Wich will come anyway regardless of KYC in my opinion.

If you are aware of a great decentralized iD project that could work than let’s talk about it.

But no decentralized iD project will make anyone in Tradfi “confortable” it won’t change anything in my opinion at this early stage.

Honestly it amazes me that someone is in DEFI and and even thinking about KYC I think that is a huge problem honestly.

In time countries will create laws and legislate crypto and that will be your KYC but we don’t have to implement it ourselves.

*didn’t mean to offend sir apologize

Cheers

3 Likes

Look at this tech Zengo is creating:

That is what Im proposing, adding an extra security layer in a decentraliced way, Seed and mnemonic phrase never would be enough secure to mainstream investors.

Zengo tech creates the seed of your wallet throw a Face recognitsion technology, crypto funds must be 100% safe if we want to be adopted by masses, a seed its not 100% safe.

Im in crypto many years ago, just for proposing adding a security layer doesnt means I have arrive yesterday

Social recovery wallets could be an option too:

Why we need wide adoption of social recovery wallets.

But surely the wallet technologies you already listed (more than once) work regardless of the dApp? So Aave does not have to add special support for them. What am I missing?

1 Like

Yes obviusly to implement this securitie layers require lot of work and resources. My vision is that lending dapps to be mass adopted require more securitie than a seed

This is in the power of your wallet provider, not AAVE itself.

1 Like