Many scammers are able to access Metamask through a malicious link. I know it’s our responsibility to take care of this, but it would be very helpful for Metamask to ask for two-factor authentication before any sales transaction. This would prevent scammers from selling our tokens in case we were hacked. Make sense?
Even if MM has 2fa, if I am a hacker and I get your seed, I will import your seed on the tp wallet, and then transfer your assets.
Hi @Mayer welcome to Metamask community forum. The password you set for your wallet on the time of creation/importing your wallet is more than enough to prevent your files getting hacked. They can be hacked but this password file encrypt your files and hacker won’t be able to access your funds without password. However as mentioned by @0coininMM if a hacker has your recovery phrase or seed phrase or private key then no matter if you put a strong password or 2fa, all will be useless and your funds can be accessed via recovery phrase by anyone who has it. So the best way to protect is take necessary actions to protect your seed phrase by yourself.
I agree with you. Most people are non-technical staff, at least that let me feel more comfortable before I did a transaction.
I use a Ledger Nano S connected to my Metamask. It’s not 2fa, but you need the hardware wallet to get access to the money. I guess there probably is some ways to get around a hardware wallet connected to Metamask, but it think it’s a more secure solution than not using a hardware wallet.
Google Authenticator, powerless against wallet fraud, most people exchange voluntarily