Account Security - LND Hub Credentials & 2FA
👷 In progress
Den

As the balance on my Alby Hub increases, and especially as I think about using the family and friends feature, I have been thinking more about the security of my funds and my Alby account.

I am happy with the security of the Alby Hub itself; however, it seems to me that the weakest link is through the Get Alby account and the LND Hub credentials.

Anyone with access to my email would be able to log in to my Alby account with a one-time login code.
Once they have access to my Alby account, they would be able to generate new LND Hub credentials and with this drain the full balance of my Hub.

This to me seems like a security concern, and there is nowhere else that I would have a potentially significant amount of bitcoin secured only by access to my email account.

To help resolve this, I think it would be great if we were able to either secure our entire Alby account or at least secure the ability to generate new LND Hub credentials with TOTP 2FA. That would give me comfort in knowing that if my email was compromised, I would not immediately be at risk of losing all of the funds in my Alby Hub.

It may also be possible or beneficial to give users the option to disable the LND Hub credentials altogether, especially given that our connection needs can now be met by NWC connections created directly in the Hub.

Comments
Moritz
Nov 29, 2024
Set the status to 👷 In progress
essarymarkx3
Nov 25, 2024

Thank you, I thought I was the only person thinking this. I'm so over all the password changing, security notifications, fingerprint, thumbprint, photo ID, selfie, geez. We need to pick a path and build it and stop all the switching, and I definitely disagree with putting the future of my assets in the hands of an email. Needs one central database, no more than 4 wallets, with a chosen seed phrase embedded in your online algorithm. With all the fake coins out now, cloning apps, putfowarding streaming internet service, we are heading down a very rough path, and I know I'm trying to find every brake to pull because I see the very outcome ahead and it's not good. I jumped on board for the privacy and security of funds from the government, but that included Jack across the street that just wants to screw someone around because he didn't have a daddy at home. I'm sorry, but I've learned over the past 13 years that there are some real dirtballs walking around nowadays; trust isn't even a word I use anymore. And do you know how easy it would be for a wallet with a few million in it to come across the screen of one of these fly-by-night coins and let you try to access it just to tell you your password is wrong until you lock yourself out of it and he is enjoying your money. I started with bitcoin on the chain and haven't changed it yet. I've tested the theory just to see; I don't trust it. Since I've put that on your mind, help me in explaining how is it telling me my password is wrong when I wrote it down, double checked it letter by letter, took a picture of it with an unlinked mp4 camera, logged in to it shortly after with the very password that I'm being denied access with for the past 2 days. I'll wait. Thank you very much. Have a blessed day.
