Tuesday, May 28, 2013

Using two-factor authentication on Localbitcoins.com

We've recently updated LocalBitcoins.com login process. While it's simplified and more clear, the previously omnipresent two-factor authentication code was obscured. But two factor authentication is still there, and stronger than ever!

Why two-factor authentication?

Security! Normal logins are simply something you know: you know your username and password.  Two factor login adds a new vector, such as something physical you have. This physical token could be a smart card, a dongle or a phone: all it needs to do is provide a way to prove its existence as needed. The simplest way is to generate a series of numbers based on a shared secret and the current time: any series of numbers is only valid for a short time, making it useless afterward.


How to use two-factor authentication?

Our two factor authentication process is based on Google Authenticator mobile application. It requires a smartphone (Android / iPhone) .

Once you have Google Authenticator installed, just point your browser to your profile edit page on LocalBitcoins.com (click your username after log in) and scroll down to the two factor authentication title. Open the Authenticator application on your mobile phone, choose Set Up New Account and scan the QR barcode code from your account page. Write down the secret key below the QR code and store safely, preferably separate from your main computer. The secret key can be installed on a new smartphone later, allowing you to continue logging in to LocalBitcoins.com.

That's all. Try it out by logging out and back in. After you enter your login details, you will be prompted for the Authenticator code at the moment. With the authenticator app punch in the code displayed.

If you have problems logging in with the Authenticator, just contact our support through feedback form.

Friday, May 24, 2013

Signing and verifying documents with Bitcoin

Digital signing system verifies that any document can be proven by to be signed by a certain party.

What's a digital signature?

Bitcoin comes with a way to sign any data. The private and public key pair Bitcoin itself is based on is needed for signing transactions, but they are not restricted to that. Of particular interest is signing documents.

The document signature can connect a specific Bitcoin address and a document together, proving that the Bitcoin address owner has personally approved the document. A signature looks like this:

Note that there is no whitespace in the signature.

LocalBitcoins.com uses Bitcoin to digitally sign its receipts

LocalBitcoins.com uses Bitcoin digital signatures for receipts that can be verified actually were written by Localbitcoins.com. We also have a convenient form for verifying any Bitcoin message without installing the Bitcoin software.

Let's follow through with an example. With the signature you can verify that LocalBitcoins.com's Bitcoin address 1Q1wVsNNiUo68caU7BfyFFQ8fVBqxC2DSc has signed, for example, the following message:
Localbitcoins.com will change the world
Changing the message, address or signature by just one letter makes the verification fail. Try it now on our online verification page!

Follow LocalBitcoins.com on Facebook, Twitter, Google+.