Actual Real Problem:
I am part of a group where some members had their MetaMask accounts swept for all coins and NFTs in a split second just by clicking on a link. This problem simply has to stop now once and for all.
Proper MetaMask Security:
Can you please make a separate phone app for approval of all transactions using MetaMask, plus an NFT and Cryptocoin transfer/usage lock in MetaMask?
Phone App:
Its function is that every time there’s a transaction on one’s MetaMask, one has to approve it with the separate phone app using biometrics and an autogenerated code. This way no one can transfer or use one’s NFTs and Cryptocoins, and they will be secured. We have such an app where I live for all online transactions, and it’s more than highly effective.
Separate NFT and Cryptocoin Locks:
Their function is that one can separately lock one’s Cryptocoins and/or NFTs in one’s MetaMask account so that they can’t be transferred or used. The lock should then only be able to be opened with an SMS code etc. This will act as extra security on top of the above-mentioned app.
The team is always working on ideas for security management, but one of the major precautions of Self Custody is that you are responsible for your security. The members of your group would have needed to interact with a contract and approve a transaction for their tokens to have been removed, or they had some type of malware installed on their computer.
For 2FA (or something similar) to work, it would either need to be included in Ethereum/another EVM-compatible chain’s base layer protocols or would require a central server to hold your SRP, and 2FA against it when trying to sign a txn. (This is the approach some wallets are taking to key management. We will never store personal details like SRP, email address, etc.)
Hardware wallet + password to lock the app + good security protocol.
We’re working on the Knowledge Base sections about scams to help:
The most important part of security is a well-educated user.
To not have to store any personal info, it could be as simple as a 4-8 number PIN to be entered for an attempted transaction… any kind of simple extra security added to impose a block on your funds being removed by someone other than the owner of the wallet? It’s weird this team would rather do anything but make these accounts more secure in any way.