

You can, but it violates the principle behind MFA in the first place. Email MFA is not real MFA and you're removing an important part of the equation by enabling it. Adding an email isn't adding another factor. It is just another thing you know (the password to your email, which is just making two passwords).

- Something you know: a password.
- Something you have: some sort of physical cryptographic identification device. Technically SMS would be MFA if you only have SMS access on your one device (i.e. no web-based access), but it is laughably insecure.
- Something you are: fingerprint, facial recognition, iris scan, etc.

To be true MFA, you need to cover at least two categories. If you enable a TOTP authenticator and email "2FA", you no longer need the thing you have, negating the entire point. Something you have is not something you have if the thing that makes it unique is synced to a cloud service and can be duplicated by anyone who gains access to it. Which raises the age not-so-old question: is a synced TOTP authenticator secret real MFA? The question of whether or not you should is one only you can answer, and it depends entirely on your comfort level. As a Bitwarden user you're already ahead of the curve in password security.

Instructions for using an Apricorn Aegis Secure Key with Rocket Pool

Note: There is an alternate method using eCryptfs that does not require the purchase of an Aegis Key. However, issues have been reported when rebooting and having the RP software stack access the \data folder before it has been decrypted on reboot. For this reason, the preferred method is using the Aegis key. See Instructions for Using eCryptfs with Rocket Pool for more details.

This guide explains how to configure a Rocket Pool node to store its node wallet, password file, and validator signing keys on an Aegis Secure Key (model 3N or 3NX). This provides an added layer of security for the home server node operator by placing these files on an AES-256 encrypted USB drive that requires a PIN to unlock. The key will be configured to remain unlocked when connected to the server during normal operations, reboots, and powered shutdowns. A PIN will be required whenever the USB key is disconnected from the server or if the server is unplugged from mains power. When combined with a UPS that issues commanded shutdowns upon a mains power failure, the key will remain unlocked so long as standby power is provided to the server by the UPS. The PIN prevents access to the wallet and the eth2.0 validator signing keys in the event of theft of the server.
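The reboot problem mentioned above (the RP stack touching the data folder before it is usable) can be caught with a pre-start gate. The script below is an added example, not part of this guide or of the Rocket Pool or Apricorn software; the directory layout and file names (`wallet`, `password`) are assumptions and should be adjusted to your own setup.

```shell
#!/bin/sh
# Added example: refuse to start the node software unless the data directory is
# a live mount point (the unlocked Aegis key) AND contains the expected files.
# Assumed layout: <data dir>/wallet and <data dir>/password (placeholders).

# Return 0 if DIR is a mount point, i.e. its device id differs from its parent's.
# A locked or unplugged key leaves an empty directory on the root filesystem.
is_mountpoint() {
    dir=$1
    dev_self=$(stat -c %d "$dir" 2>/dev/null) || return 1
    dev_parent=$(stat -c %d "$dir/.." 2>/dev/null) || return 1
    [ "$dev_self" != "$dev_parent" ]
}

# Return 0 only if every required file is present in DIR.
has_required_files() {
    dir=$1
    for f in wallet password; do
        [ -f "$dir/$f" ] || return 1
    done
    return 0
}

# Gate for the service start:
#   0 = safe to start, 1 = key not mounted/unlocked, 2 = mounted but files missing
data_dir_ready() {
    dir=$1
    is_mountpoint "$dir" || return 1
    has_required_files "$dir" || return 2
    return 0
}

# Usage: ./check_data_dir.sh /path/to/rocketpool/data
if [ -n "${1:-}" ]; then
    if data_dir_ready "$1"; then
        echo "data directory ready: $1"
    else
        echo "NOT starting: data directory not ready (rc=$?)" >&2
    fi
fi
```

Run it before starting the stack (for example as a systemd ExecStartPre= step) so a non-zero exit blocks the start instead of letting the node run against an empty directory.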
