-rw-r--r-- core/api-bank-wire.rst 16
1 files changed, 16 insertions, 0 deletions
diff --git a/core/api-bank-wire.rst b/core/api-bank-wire.rst
index 524a152a..34658f01 100644
--- a/core/api-bank-wire.rst
+++ b/core/api-bank-wire.rst
@@ -434,3 +434,19 @@ exposed by bank gateways in production.
// It is different from the /history endpoints row_id.
row_id: SafeUint64;
}
+
+
+Security Considerations
+=======================
+
+For implementors:
+* The withdrawal operation ID must contain enough entropy to be unguessable.
+
+Design:
+* The user must complete the 2FA step of the withdrawal in the context of their banking
+ app or online banking Website.
+ We explicitly reject any design where the user would have to enter a confirmation code
+ they get from their bank in the context of the wallet, as this would teach and normalize
+ bad security habits.
+
+
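Review bot: "enough entropy to be unguessable" in the "For implementors" bullet gives an implementor nothing to test against. State a minimum, for example at least 128 bits drawn from a cryptographically secure random number generator, and say whether the ID is single-use or expires, since an unguessable ID that stays valid indefinitely is still exposed if it leaks. Separately, both "For implementors:" and "Design:" are followed directly by a "*" line with no blank line in between; reStructuredText needs a blank line before a bullet list, otherwise the item is folded into the preceding paragraph. The "Design" bullet would also read better split in two: one sentence for the requirement (2FA happens in the bank's app or Website) and one for the rejected alternative and its rationale.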