Online wallets such as BitGo and Coinbase make Bitcoin much more approachable. That said, neither seems to prioritize enabling two-factor authentication. This is surely an artifact of them trying to minimize account setup friction.
The net effect of this decision is that users have to know that setting up two-factor authentication is a good idea and then go spelunking for it in the account settings.
For technical users this may be fine, but less technical users often either don’t know such an option even exists or don’t have the patience to find where it is configured.
It might seem like an unfair criticism to suggest this is a bad approach, since most banks and e-commerce sites don’t make this experience much better, but I think Bitcoin companies can and should do more.
If LinkedIn, Facebook and Twitter can remind us to improve our social profiles, these high-tech financial institutions can remind us to improve our account safety.
UPDATE 07/28/14: Mike Belshe of BitGo points out that, although it may not be directly obvious, BitGo does actually require two-factor authentication once you add a wallet to the account. Since I did not attempt to create a wallet until the account was adequately secured, I never observed this enforcement. This approach represents a decent trade-off between reducing account sign-up friction and maintaining account security.
UPDATE 07/29/14: I should also point out that Coinbase does require you to use multi-factor if you use their vault feature. I personally think that they should still be encouraging non-vault users to use multi-factor though.
I would add that while these new wallet services are much easier to use than their predecessors, I think there is still plenty of room for improvement, and I am looking forward to seeing what they and the newer entrants to this space will bring to the table for users.
If you’re not familiar with the user experiences of these two services, check out these presentations that show you how to set up accounts with them:
Thanks for the insightful article, 2-FA is just a necessity with many web-based services these days – it is the only protection against keyloggers.
As for your info about BitGo – we actually do require 2FA on all accounts. The site won’t enforce this policy until you actually create a wallet, so it may seem not required even though it is. We also have a number of changes coming in the near future to beef up 2-FA even more.
Mike, thanks very much for responding. I have updated the post accordingly.