I’ve recently lost coins I’ve held because this is not a feature. I have no idea why it isn’t still a feature despite Trust Wallet and many exchanges using it as a basic security protocol protecting the user from unwanted access.
The hacker who hacked me freely transferred my coins into ETH and sent the ETH to another wallet. Had this been a feature I would not have authorised the transaction and still hold my investment.
Please implement as a matter of urgency to all users.
@MaulluaM
Thank you for the suggestion! What you are referring to is commonly known as two-factor authentication, which actually does not support MetaMask’s security because MetaMask is a non-custodial wallet.
You can read more about this topic here:https://community.metamask.io/t/why-doesnt-2fa-help-metamask/8880?u=xf0707
As @xf0707 said, metamask is a decentralized product. The reason for your concern is fully explained in the post linked above. The only thing we can do is to keep our private key, don’t disclose it, and don’t click on unfamiliar links. In the world of blockchain, strengthening security protection is a subject that we all must attach great importance to.
So… no hope for an address whitelisting feature too?
This has been requested, you can follow and vote for the thread here:
already done , sorry 
This is good. I believe it will enable another level of security especially when ones device gets lost.
There are thousands of us in this situation that have smart contracts of some kind that require funds to be sent home to origional address. An ything to slow the thief down would be great whitelisting ip’s only allow certain specifics systems to access, I realize that it may not be lasting or perfect solution but could buy us the time to recover out funds, I have already lost a couple hundred thousand and it represents decades of my hard work and sweat, I sure dont want him to get the last of it im old and want my wife and i to enjoy our last days, I can’t stand to see what it has done to my wife
Adding 2FA or Whitelist IP feature is a great idea to add extra security . Most of the time one tend to only access your account from one network.
I on the other hand got hack through sending my device in for repairs at a pc repair shop which i couldn’t recuperated the funds due to me backing up my system but not wiping it…
I now am forced to spend extra on cold storage fees and im afraid if there isnt extra added security with MetaMask then ill have to start looking at other wallet options.
I do believe there has been touched on this kind of topic and it was laid out that “adding 2FA is like adding a lock but leaving the back door open”.
To that I say, if your home is burglarized while you enjoying a nice peaceful off the grid getaway and those thieves manage to find that so believed well hidden wall safe with your seed phrases stored inside, you complete ruined. This can all be avoided with simply the added feature of confirming an outgoing transaction.
I say if you care about your users then you’d think that no seed phrase is safe unless, probably memorized. 1 household, 1 safe, 1 key that is pretty much the setup…
Here is more information our Knowledge Base:
I have some idea what is being referenced with this poorly expressed response. The point is if they can ask you to provide a password on login, you can add a little bit more security with the password. I feel it is merely an excuse in not to provide it. In order to use other networks within one grant-specific permission which increases risk, a simple thing such as confirmation on a withdrawal can minimize the risk.
In this case where advisement of a cold wallet is raised - I would not trust connecting my cold wallet to MetaMask at all then but this is just my view.
But even if 2FA is feasible (though the community is crying and clamoring for it), can there be a multi-sig on wallets, this will at least help those accounts are already been accessed through smart contracts.
Also, revoking token access should also be gas-free, because when a user try to send eth (for example) to a wallet to revoke token access but the eth is transferred almost immediately and thus token revoking can’t be done.
I think these are features that should be added. We love MetaMask but scammers are getting smarter and richer through users funds. A Multi-Sig would help this and a gasless token revoking will do wonders.
Thanks.