►
From YouTube: TokenScript Weekly Meeting 20200402
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
A
Yes,
yeah
now
go
now,
I
read
got
it
okay,
good.
So
this
is
basically
the
steps
for
sharing
and
recovering
I'm
going
to
go
through
the
simplest
scenario,
which
is
using
SMS
and
email
as
a
second
factor,
and
then
I
will
go
through
the
the
scenario
where
that's
where
the
the
the
secret
question
is
used.
That
second
factor,
then
I
will
go
through
the
process
of
them.
A
Google
authentication
use
that
second
factor
and
there
are
different
implications,
so
the
the
first
one
is
the
one
that
I
verified
with
the
toad.
That
I
believe
already
work.
But
let
me
go
through
walk
you
through
the
process
so
step,
one
user
enters
a
password
and
this
password
is
going
to
be
distributed
to
every
to
every
one
of
these
three
parties.
Well,
we
are
going
to
do
the
question
later
and
this
there
are
protocols
to
use
and
toys,
and
it's
going
to
investigate
what
software
package
our
protocol
is.
A
Can
we
adopt
for
this
purpose,
so
the
the
there's?
The
reason
for
some
cryptographic
protocol
will
be
involved
here
is
that
we
cannot
share
the
password
directly
two
to
three
parties,
because
then
each
one
can
figure
affect
the
users
identity
through
two
entered
recovery
as
the
other
person
as
the
other
user.
So
the
idea
is
that,
even
if
the
hacker
takes
one
of
the
three
parties
down
and
take
a
photo
ownership
of
the
server
he's
not
able
to
restart
the
recovery
process
by
pretending
having
the
password-
and
the
second
is.
A
The
second
step
is
that
user
enters
a
second
to
that
second
factor
in
this
case,
email
and
SMS.
So
we
will
are
for
Molly
to
assign
we'll
set
up
a
server.
There
are
four
well
is
not
one
of
the
three
parties
and
from
wallet
will
verify
that
the
user
own
email
address
a
mobile
phone
by
renovating
a
one-time
code
and
then
copy
the
email
address
and
telephone
number
to
three
parties
now.
A
The
second
effect
for
the
second
factor,
if
one
of
these
parties
taken
over
by
a
hacker
and
and
they
would
not
be
able
to
to
to-
they-
would
not
be
able
to
as
I
explained
they
already
not.
They
are
not
able
to
you
to
use
the
password
to
start
a
recovery
process,
but
even
if
they
have,
they
are
not
able
to
do
the
second
factor,
because
that
would
require
code
being
sent
to
the
users
mobile
phone,
and
you
can
see
here
in
the
in
the
in
the
validation
process.
No
matter
it
doesn't
matter.
A
If
user
choose
a
mobile
phone
or
email,
the
user
has
to
answer
three
codes
from
three
parties.
That's
to
intend
it
so
that
the
each
party
has
to
work
by
themselves,
and
the
third
step
is
the
traditional
mystical
sharing
process
where
the
user
and
the
equip
depart.
The
private
key,
which
is
typically
stored
in
the
encrypted
format
in
the
mobile
phone
and
then
enter
the
secret
sharing
protocol
and
each
party
will
have
a
shared
a
secret.
So
this
is
the
setup
process
and
the
recovery
process
now
normally
the
normally.
A
These
three
parties
will
do
some
other
protocols
like
refreshing
key
and
which
is
not
covered
here
and
now
the
recovery
protocol.
The
first
step
is
that
user
provide
a
password
and
enter
a
distributed,
password
and
verification
protocol.
The
intention
is
for
all
three
servers
to
all
three
parties
to
to
recognize
to
recognize
the
user
is
the
same
person
as
well
previously
backed
password
backup.
The
key
and
then
second
step
is
that
three
parties
independently
send
the
code
to
the
user
and
so
that
if
the
user
had
stolen,
the
Pope
has
a
poor
password.
A
He
has
to
have
a
little
bit
of
protection
and
the
third
and
the
third
stage
is
that
the
three
parties,
I
am
all
authenticated
against
the
user.
No,
this
is
the
same
guy
who
showed
up
earlier
and
start
a
password
recovery
protocol.
Basically,
this
is
how
it
works
and
in
the
in
the
in
the
simplest
case
where
the
second
factor
is
the
same
as
our
email
address
so
and
I
think
I
already
talked
about
this
with
all,
but
now
I'm
sharing
this
with
everybody,
so
it
doesn't
make
sense
so
far.
D
B
Sent
from
each
of
the
service
holding
a
share
of
the
users
private
key
basically,
this
is
this
is
to
avoid
the
fact.
So,
let's
say
the
user
has
has
been
just
not
practice.
Good
password
hygiene
and
you
know,
has
used
a
low
entropy
password
write
the
password
you
know
like
password
and
one
of
the
service
is
evil
and
wants
to
learn
the
users,
the
users
useless,
aetherium
key.
B
So
then
it
just
pretends
to
be
the
user
towards
the
other
two
honest,
honest
service,
since
it
already
knows
its
password,
but
that's
not
gonna
be
enough
because
it
needs
to
to
have
the
second
factor.
If
there's
only
one
second
factor
it
it
becomes.
It
becomes
way
more
easy,
because,
if
that,
if
that,
if
there's
a
second
factor
also
have
us
agree
on,
then
that
evil
so
necessary
also
know
that
and
be
able
to
impersonate
the
user.
B
D
Yeah
that
makes
us
I
mean
I,
guess
also
what
I'm
asking
here
is.
So
what
does
the
user
have
to
give
to
get
that
so
on
the
left
sides?
So
it's
still
the
same
passwords,
an
email
and
or
does
he
have
to
give?
For
example,
three
passwords
or
three
emails
is
the
condition
still
password
in
email
or
is
there
more
steps
to
I?
Guess,
that's
all
yeah.
It's.
B
B
A
E
Cool
okay,
so
from
the
last
step,
you're,
essentially
using
the
excuse
me
the
feedback
from
a
those
three
inputs
through
the
algorithm,
and
then
we
combines
into
a
private
key.
E
E
C
C
A
For
this
week,
an
alternative
recovery
protocol
where
the
user
starts
with
the
email
and
SMS
and
yeah.
Actually
this
should
be
the
correct
recovery
protocol
and
but
that
has
the
problem
that
and
okay.
So
this
is
a
motive
modified
protocol
to
solve
your
problem
where
the
user
might
have
forgotten
in
there.
A
If
your
address
is,
is
actually
more
complicated,
there's
a
first
step
where
the
user
enter
the
mobile
phone
number
or
email
address,
and
then
the
user
have
to
enter
the
password
and
then
the
authentication
code
is
sent
so
effectively
step
two
has
to
be
broken
into
two
steps:
one
is
an
user
enter
the
email
address
and
the
SMS,
and
then
this
is
an
Center
to
the
each
individual
node
in
place
of
the
serum
address,
and
then
we
restart
from
protocol
one
yeah.
So
thank
you
for
reminding
that
so
yeah.
B
C
E
B
C
A
A
A
D
Yes
can
add
some
notes
here
by
the
way
we
won't
I
do
I
do
try
to
design
that
according
to
what
I
call
it
protecting
the
user
against
himself
and
the
ideas
that
would
ask
him
the
password
first
and
it's
I
think
it
would
be
an
interesting
idea
for
him
to
read.
For
today
it
needs
to
be
a
unique
password.
D
Email
is
asked
later,
so
he
might
not
exactly
associate
the
same
password
with
the
same
email.
So
it's
Brian
get
a
password
first
regarding
the
forgetting
of
the
password
at
this
stage.
If
we're
forcing
him
to
write
I
understand,
he
needs
to
remember
and
more
than
that,
I
mean
yes
most
of
the
interviewers.
What
they
say
from
non
security
minded
users
they
they
will
do
that
they
will
just
use
the
same
password
and
I
mean
another
option
that
I
was
considering
a
few
days
ago.
D
Sigh
after
it's
to
really
prevent
some
sort
of
a
drain
of
accounts
is
to
have
an
authorization
for
transactions
as
well.
So
this
is
something
that
they
can
set
up
later.
So,
even
if
a
hacker
breaks
into
the
accounts,
maybe
he
can't
actually
drain
the
at
that
point,
but
this
is
I
guess
is
for
outside
discussion.
B
Okay,
I
was
also
thinking
like
from
usability
point.
We
could
have
that
at
certain
intervals,
whenever
they
use
ice
is,
is
using
the
app
he
is
asked
to
to
confirm
his
password
just
versus
sexi,
not
a
security
thing,
it's
more
like
to
ensure
that
he
actually
remembers
it
and
if
he
has
forgotten
it,
then
at
this
point
is
the
last
access
to
his
phone
and
still
has
the
keys.
So
at
that
point
we
can,
he
came
in.
He
canon
change
the
password
without
any
issues.
The.
A
Password
being
compromised
is
a
bigger
problem
than
password
being
forgotten,
because
in
this
setup
it's
not
possible
to
recover
the
password.
But
it's
possible
to
recover
the
secret
without
password
or
the
user
needs
to
is
to
go
through
the
legal
channel
and
do
it
outside
outside
of
this
network,
to
convince
the
three
parties
to
return
the
password
at
the
private
key.
Okay.
B
A
E
C
C
C
A
A
In
the
problem
way
that
uses
condom
anybody
see
trace,
yes,
the
user
cannot
remember
to
see
the
face,
and
the
user
probably
cannot
remember
very
long
password
and
we
ask
them
to
do
a
very
non
password.
This
is
the
problem
and
the
original
proposal
I
had
to
solve
this
problem
is
actually
non
cryptography,
so
that
and
I
asked
three
entities
to
be
legal
entities.
One
can
be
in
China,
because
if
you
need
one
China,
the
other
can
be
in
Australia,
because
Koba
is
the
best
person
and
third
can
be
in
Sweden
or
Switzerland.
A
So
the
person
will
individually
provide
a
legal
relationship
with
the
three.
So
in
the
sense
like
I
can
I
can
get
a
lawyers
like
write,
letters,
203
or
I
can
go
through
a
hold
your
passport
and
say
I
love
the
certain
company
and
then
do
a
video
and
the
other
person
will
authenticate
against
this
person.
A
So
so,
whose
question
is
how
do
we
prove?
How
do
we
and
we
are
just
replacing
the
burden
of
keeping
the
seed
phrase
with
the
burden
of
keeping
the
password?
So
can
we
solve
that
and
I
said
that
to
the
solve
that
we
need
authentication
methods.
That
is
not
cryptographic.
That
is
a
it's
based
on
the
user's
authenticating
against
three
parties
individually
through
methods
like
lawyers
letter
or
holding
the
passport
and
taking
a
photo.
D
So
the
password
was
the
most
confident
if
they
want
to
produce
the
most
confidence
for
both
crypto
users
and
on
crypto
users.
Questions
most
crypto
users
would
say
that
they
feel
that
hackers
would
specifically
target
this
app
because
it's
easier
to
social
engineer,
so
they
didn't.
If,
regardless,
if
it's
true
or
not,
they
didn't
feel
secure
about
this.
The
scenario
unknown
crypto
users-
they
just
would
say
well
I
hate
questions.
I,
would
rather
just
keep
on
moving
on
with
the
optional
aspect
and
passwords
at
least
was
the
most
confidence
inducing
I.
D
Don't
know
like
the
way
I
see
it
here.
Is
that
we're
trying
to
things
to
protect
against
the
user
against
potential
hacker
outside
party
and
we're
doing
that
with
you
know
from
all
the
Latian
biometric
entry
to
transaction
authorization
to
this
wallet,
backup
when
attacking
again
himself
and
I
I,
don't
think
we
fully
solve
that
I
suppose,
but
so,
for
example,
banks
use
the
customer
support
in
kyc
right.
D
B
Also
the
aspect
of
it
here
that
the
password
does
not
need
to
be
that
high
entropy
in
this
case,
because
corrupting
one
of
the
services
does
not
allow
an
adversary
to
brute
force
it.
This
means
they
can
do
online
throttling
to
like,
say
you
can
only
try
to
do
recovery
three
times
within
24
hours,
for
one
account.
D
B
Yeah,
oh
that's
so
so
so
what
I'm
saying
is
that
in
this
case,
in
order
to
it
doesn't
need
to
be
a
super
high
entropy
password,
the
entropy
of
the
password
is
not
this.
Is
it's
not
essential
in
this
case,
I
mean
it
shouldn't,
be,
you
know
just
monkey,
but
it
does
not
have
to
be
like
a
12-digit,
alphanumerical
special
character
password
because
because
in
this
case,
whatever
database,
each
of
these
servers
hold
will
not
allow
them
to
brute-force
a
user's
password.
B
B
Do
this
so
this
means
you
can
implement
online
throttling
of
this
dis
recovery.
So
it
means
that,
if
a
user,
if
you
try
to
recover
for
user,
you
only
get
like
say:
three
tries
to
type
in
the
password
the
password
correctly
and
if
not,
they
don't
get
locked
fall
for
24
hours
or
something
like
that
and
you
send
an
email
to
the
user.
Hey
someone
is
trying
to
get
into
your
account.
Was
this
correct
or
not.
D
B
Yeah,
it
doesn't
doesn't
even
need
to
be
that
that
extreme
exit
I
mean
it's
not
that
extreme,
but
this
is
more.
It
can
be
more
related
to
like
an
OTP
again.
I
would
not
recommend
it
just
being
like
a
six
digit
number
I
would
recommend
it
being
a
bit
more,
but
it's
not
as
critical
as
say
like
with
a
recovery
phrase
or
or
things
like
that,
the
exactly
because
we
can
do
this,
there's
a
nine
problem
to
ensure
that
that
that
it's
not
that
you
cannot
good
force
the
password.
B
Basically,
that
you
can
only
do
like
a
few
tries
and
then,
when
we
send
em
into
the
user,
and
then
you
know
yeah,
you
can
handle
the
situation
from
from
from
down.
So
it's
gonna
be
very
unlikely
that
they
gets
a
password
within
like
five
or
ten
ten
tries,
even
if
it's
even
if
it's
a
pretty
low,
entropy
one.
Unless
it's
you
know,
unless
it's
like
an
attender
stuff,
most
frequently
used
passwords,
but
I
mean
that
is
also
something
you
know
we
can
manually
check
against.
D
Okay
I
mean
because
ultimately,
if
we're
thinking
it's
their
parties
is
protecting
the
funds,
not
the
wallet
itself
right.
So
if
you
really
want
to
reinforce
this,
I
would
say
that
you
can
think
outside
of
this
protocol
and
put
some
sort
of
a
two
factor
is
a
shield
for
transactions
themselves.
So
the
only
case
would
be
a
scenario
where
a
hacker
would
physically
steal
the
device
and
force
him
to
physical
attack,
I
suppose.
A
D
Yeah
I
think
we
are
we
drift
off
a
little
bit
that
Vaughn
was
talking
about
what
if
the
user
puts
the
same
password
as
an
email,
what,
if
he's
really
dumb
and
just
makes
a
mistake
out
of
it?
What
can
we
prevent
that
protect
him
against
himself
in
case
of
forgetfulness
I,
just
priming
him
a
lot,
but
if
it's
against
potential
hacker
I
guess
this
solves,
it
explains
that
we
can
solutions
to
covers.
A
C
A
C
A
Yeah,
okay
and
the
cloud
is
bad
because
someone
working
in
Dropbox
can
already
take
it
out
of
the
files
and
start
working
at
his
home
computer
now
get
back
to
the
story
and
the
same
couldn't
be
done
by
the
parties
by
the
way
in
our
protocol
and
now
get
back
to
the
story.
Now,
let's
say
a
variation
of
this
product.this.
A
A
variety
of
this
process
is
where
the
second
factor
is
a
single
security
question,
which
Luke
has
proposed
that
some
users
can
use
this
except
better
than
previously
and
and
then
and
the
single
security
question
I
would
simplify
it
as
an
as
as
two
things.
First.
Is
that
the
answer
to
that
security
question
is
simply
padded
after
the
password
and
go
enter
the
same
protocol
and
the
second
is.
The
security
question
is
simply
used
in
place
of
mobile
phone
and
email
address
for
the
second
factor,
authentication.
A
Suppose
we
encode
a
few
a
pre-selected
question
and
then
the
user
entered
the
when
and
when
the
recovery
starts,
the
user
entered
the
enemy,
dress
and
provide
password
and
then
the
second.
In
the
second
stage,
the
user
would
be
presented
with
the
right
question
out
of
the
two
hundreds
which
this
all
the
three
servers
remember
which
question
it
is
and
then
the
user
provide
answer
and
which
is
actually
taken
padded
again
against
the
password.
And
then
the
protocol
doesn't
have
to
change.
A
A
A
B
A
So
let
me
explain
why
the
parent
I
didn't
twist
the
parent
solution
where
there
is
a
single
question
announcer,
and
that
answer
is
centered
to
all
three
parties.
The
reason
I
didn't
do.
That
is
because
I
think
it
simply
didn't
didn't
mean
anything
as
well,
because
every
party
gets
the
same
question
they
can.
If
the
hacker
takes
down
one
of
these
service,
they
can
use
this
question
to
make
ten
factors
or
tintin
does
pointless
for
others
yeah
exactly
yeah.
So
so
it's
all
so
pointless.
B
D
I
think
it's
actually
the
better
idea,
so
that
is
that
confidence
used
about
the
same
with
her
without
a
question
for
the
users
and
what
a
feedback
was
the
most
would
skill
if
it
was
optional.
So
if
there's
no
tangible
security
benefit-
and
it
just
complicates
things
by
now-
I
think
it
could
be
skipped.
Yeah,
I'm,
just
retiring
good.
A
Good,
then
take
it
as
a
conclusion.
Please
update
the
model,
so
we
now
we
now
we
enter
the
second
stage,
the
one
with
variation
of
this
protocol,
which
is
we
say,
we
don't
take
it
and
the
third
one
is
a
variation
and
which
is
an
introducing
Google
Authenticator
as
a
second
factor,
and
we
have
done
some
users,
research
that
shows
that
people
seem
to
be
more
confident
if
they
have
done
so
and
I
will
I
will
demonstrate
what
happens
if
you
introduce
Google
Authenticator.
So
if
you
introduce
Google
Authenticator,
there
is
a
problem.
A
We
cannot
adopt
the
previous
protocol
because
we
cannot
copy
it
to
the
three
parties,
because
it
doesn't
make
sense
to
me
so
because
the
Google
Authenticator
secret
was
an
yeah.
It's
not
it's
knowledge
and
it
should
not
should
not
be
shared
between
the
three
parties.
Otherwise,
there's
no
point
of
second
lecture.
So
I
put
this
a
mock
here
and
there
there
are
two
ways
to
work
to
to
to
to
solve
this
problem.
A
One
is
to
have
three
Google
Authenticator
code,
which
is
I,
think
the
just
stupid
idea,
everybody
who
has
three
Authenticator
code
who
enter
the
process,
I
didn't
even
do
using
to
inter
user
research,
but
I
think
it's
apparent.
Sorry.
Unless
you
want
to
disapprove
me,
there
are
three
Authenticator
code
for
setting
up
stupid
and
difficult.
A
That's
crossed
out,
okay,
and
the
second
second
approach
is
to
change
this
three
party
protocol
into
this
three
party
plus
one
protocol.
So
what
we
do
here
is
when
user
provided
Google
Authenticator
secret
I'm.
Sorry,
we
will,
when
we
provide
Google
thinks
it
has
create
a
secret
from
to
Google.
We
here
refer
to
our
for
wally
to
the
company
and
we
set
up
a
server
and
the
service
could
second.
A
D
D
Yeah
so
yeah
exactly
so
when
I
was
asking
about
your
factor.
Authentication
SMS
was
all
that
I
was
very
insecure
and
we
created
this
effect.
They
just
consider
the
entire
operation
insecure
because
of
this
email
was
considered
neutral
and
but
every
specifically
crypt
reuses.
They
were
very
way
more
confident
using
an
Authenticator
app
uses
the
choice
of
all
of
them,
but
I
guess.
The
question
here
than
I
have
to
ask:
is,
if
I'm
a
critic,
does
this
increase
liability
for
alpha
wallets?
A
Become
single
point
of
failure,
but
you
can
also
argue
that,
because
I
firmly
provides
a
mobile
wallet,
they
have
some
responsibility
anyway,
and
also
because
you
are
for
well,
it
doesn't
know-
and
not
only
the
users
private
key
in,
but
also
not
any
share
of
the
users
private
key.
Therefore,
it
can
be
argued
that
the
responsibilities
are
for
qwali.
Thinking
is
acceptable,
I,
don't.
B
A
Trust
one
side
is
cannot
for
wallet
compromise
user.
The
answer
is
no,
we
don't
have
no
any
share,
so
it
doesn't
add
that
adds
that
kind
of
responsibility
to
us
at
all-
and
second
is-
is
our
from
one
server
becoming
now
a
single
point
of
failure.
For
example,
if
I'm
for
one
server
is
by
Amazon
and
then
Amazon
is
having
a
conflict
with
our
for
well,
they
shut
down
the
server,
then
we
would
user
no
longer
be
able
to
return
to
recover
their
password.
D
Okay,
okay,
yeah,
you
said
it
so
I
guess
the
scenario
of
the
user
can't
recover
what
they
have
because
of
Amazon
server.
It
sure
is
not
really
plausible.
No.
A
A
The
most
the
more
realistic
scenario
is
that
the
party
did
something
to
us,
but
since
we
all
changed
our
nationality
to
Australian
this
year
should
be
less
a
problem.
So
what
the
party
typically
typically
would
do,
is
they
ask
you
to
do
certain
things
and
they
can
depend
or
whatever,
there's,
no
no
regulation,
what
the
party
cannot
do.
Yeah,
of
course,
sorry
I
forgot
to
say
the
party
is
Communist,
Party
I,
guess
everybody.
C
A
Yes,
and
if
someone
compromised
this
after
what
it
listen
Todd,
do
you
think
in
this
setup
a
hacker
has
no
incentive
to
try
to
compromise
our
wallet.
This
server
I
use
this
yellow
thing.
Sorry
orange
thing:
it's
called
an
Amazon
lambdas
symbol.
So
do
you
think
that,
with
this
setup,
the
hacker
has
more
incentive
to
crack?
This
then,
compared
with
the
previous
setup.
A
A
B
A
Only
the
reverse
yeah,
so
the
previous
case,
you
don't
use
a
very
valid
date,
the
password
first
and
then
do
the
second
factor
late.
Second,
because
that
we
don't
want
users
to
be
bombarded
by
attempts
to
guess
the
users
password
and
you
know
receiving
SMS
midnight
every
time
with
somebody
what
tries
to
get
your
password,
but
with
two-factor
the
order
is
reversed.
A
B
A
B
B
Actually,
it
doesn't
that
once
I
get
to
that
motivation
like
if
the
server
tries
it
tries
it
then,
at
some
point,
finds
out
that
he
guessed
some
password.
They
have
more
motivation
to
compromise.
Some
specific
second
practice
was,
in
the
other
case,
they're
shooting
a
bit
more
in
the
dark
by
not
knowing
whether
they
have
guess
guess
correctly.
I
mean
there's
still
need
to
compromise
both,
but
in
in
the
case
where
they
learned
what
the
password
was
right
enough.
They
have
more
motivation
which
I
mean
in
case
of.
B
A
So
so
we
can
be.
This
gives
us
advantage
of
sending
the
email
and
clearly
say
that
if
you
have
not,
if
you
have
not
initialized
the
password
recovery,
there's
clear,
then
somebody
already
know
your
password
yeah,
exactly,
which
means
there
was
a
happy.
You
need
to
continue
media,
which
early
early
notification
is
important.
You
know
Kerberos
yeah,.
D
B
A
Asked
to
talk
yes,
and
if
you,
if
you
anticipate
a
lot
of
users,
will
simply
not
use
email
as
an
SMS,
then
we
will
enter
the.
We
will
save
them
by
the
Google
Authenticator,
oh
because
of
the
complicity.
You
know
that
you
guys
know
that
I
wanted
to
reduce
complexity
of
the
project
in
order
to
deliver
it
when
they
choose
to
implement
a
Google,
Authenticator
second-stage.
A
A
It's
so
so
look
as
I
think
the
the
way
you
look
at
this
is
the
cart
abandonment
right.
So
if,
when
another
user
would
happily
finalize
the
process.
D
A
Can
I
can
I
think
a
little
bit
about
this
one
yep?
Can
you
can
you
just
help
to
help
you
think
there?
The
Vantage
of
having
Google
Authenticator
is
that
that
it's
more
secure
than
those
who
refuse
to
provide
it's
more
secure
for
those
who
refuse
to
provide
email
and
mobile
phone
number
and
the
disadvantage
of
having
Google
Authenticator
is
that
the
software
has
become
is
more
complicated
after
well.
It
becomes
a
honey
port
and
the
user
probably
are
not
protected
anyway,
because
they
probably
lose
the
mughals,
and
here,
together
with
mobile.
A
D
D
B
D
Yeah,
it
was
was
about
there's
a
lot
of
this
question
in
particular
an
SMS
again
pretty
quickly.
Users
just
didn't
strike
them
as
secure,
but
for
non-group
the
users
they
were
fine,
I
mean
banks,
do
it,
but
I
think
the
fundamentals
but
banks.
Ultimately
they
have
assurance
and
they
have
customer
support
to
bring
you
back.
Anything
really
goes
wrong
here.
We
don't
have
that
benefit
I'm.
So
the
confidence
of
that
semester
seems
to
be
a.
The
trade
off
doesn't
seem
to
be
worth
it
at
that
point,
but
email
they
were
more
neutral
about
it.
A
D
D
A
Whenever
wallets
notice
done,
people
cannot
recover
their
process.
The
availability
issue
is
a
concern
for
the
existing
secretion
protocol
too.
Even
if
one
node
allowed
to
fail,
the
chance
of
failing
is
still
possible
because
we're
early
stage
of
blockchain
and
everybody
play
with
their
ideas
and
never
care
about
availability.
D
C
D
D
So
perhaps
it
des
tends
to
just
asking
a
few
more
times:
I,
just
removing
it
and
asking
and
just
sewing
email
and
then
seeing
if
the
confidence
remains
so
maybe
H
I
should
just
check,
because
right
now,
I
guess,
there's
a
bit
of
a
trade-off
I
suppose
maybe
there's
no
confidence,
loss
and
they're
not
fixated
on
the
Authenticator,
if
they're
never
shown
that,
but
they
also
not
shown
the
SMS
they're
only
shown
the
email
as
a
two-factor,
and
then
it
becomes
like
that's
just
one
choice
they
never
think
about
it.
Does
that
make
sense,
I.