Ledger Live Login
With increasing cyber threats, protecting your crypto holdings is paramount. Ledger Live implements robust security measures, including two-factor authentication, to safeguard your investments.
Last updated
With increasing cyber threats, protecting your crypto holdings is paramount. Ledger Live implements robust security measures, including two-factor authentication, to safeguard your investments.
Last updated
We use code scanners to help us identify and address vulnerabilities early on, preventing them from making their way into production.
Code is reviewed and approved by a team independent of the one developing Ledger Recover. This separation is yet another measure to help improve overall code quality by catching logical flaws that might lead to security concerns.
The code of the critical modules of Ledger Recover is signed using a cryptographic signature. The signature is partly generated based on the code’s content, preventing the deployment of tampered code by comparing the signature to its expected value. This security check is done before the code is executed.
Network traffic is tightly controlled via policies that define rules for traffic flows for all 3 Backup Providers. By defining rules for allowed and denied traffic, we limit the attack surface and reduce the risk of unauthorized accesses. Also, restricting communication between individual services ensures that the attacker’s lateral movement is limited, even if one component is compromised. In addition, we apply mutual TLS (mTLS) authentication to prevent Man-in-the-Middle (MiM) attacks. By verifying the identity of both parties with certificates, mutual TLS ensures that only trusted entities can establish a secure connection.
Encryption keys (used, for example, to encrypt data or communication) are changed regularly in line with cryptography best practices. The advantage of this is that if a key gets compromised, the damage is limited to the time between rotations and to the data encrypted with the old key.
Outbound traffic is limited to known domains and IP addresses only (Backup Providers, service providers). Limiting and monitoring outbound traffic is a way to stay alert to potential data leaks. If the volume of outbound data flows is higher than expected, a malicious actor might be extracting sensitive data from the Ledger Recover system on a significant scale.
Incoming traffic is protected by a combination of anti-DDoS, Web Application Filtering (WAF), and IP filtering techniques. Distributed denial-of-service (DDoS) attacks exert harm by overflowing their target system with requests. Limiting the number of incoming requests is a well-known measure against such attacks. Now, not all attacks are about quantity, some of them are about quality. This is where WAF comes into play. WAF looks at incoming requests and inspects their intended behavior: if the request aims at gaining unauthorized access or manipulating data, the filter blocks the request. Finally, IP filtering employs the double technique of a) whitelisting, that is, allowing traffic only from specific IP addresses or ranges, and b) blacklisting, that is, blocking traffic from known attacker IPs.
The components of the Ledger Recover infrastructure are continuously and systematically scanned for known vulnerabilities and misconfiguration, and patches/updates are applied regularly. This helps the response to new types of threats as they emerge and keep security measures up to date and world-class.
Separation of duties is at the core of the security strategy of Ledger Recover.
The separation of duties between the various Backup Providers (part 3) and IDV Providers (part 4) has been described in the previous posts. You may recall that there are:
3 shares of the Secret Recovery Phrase managed by 3 independent Backup Providers (with database diversification on top to prevent collusion)
2 independent Identity Validators (IDV Providers)
At the infrastructure level, separation of duties is applied between the different roles involved in the development and operation of Ledger Recover.
In addition, we combine the separation of duties with the “least privilege” principle. “Least privilege” is the principle applied to system operators and administrators: they are granted rights to do only what they need to do, ensuring they are given the lowest level of permission required to perform their duties.
So when “least privilege” is combined with “separation of duties”, various admin roles are allocated to different people so that no single person can damage/compromise the confidentiality or integrity of any system component. For example, developers of Ledger Recover code do not have access to the system that is running the code they wrote.