I’m currently using monero addresses as the sole authentication method for a custodial service, similar to how mullvad VPN has a single account number to authenticate. My understanding is that these are unique, and impossible to guess. For a custodial service, this makes withdrawing user funds trivial as well.

Can anyone tell me why this is a bad idea?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Its a good idea.

    If the service supports delegated user accounts (some permissions but not full account access), it might not work