2FA works, but we could add extra security features, such as secondary passwords for sending coins, allowing the user to adjust their PBKDF iterations, or even adjusting the algorithm themselves for the advanced users.
We have some protection from people scraping identifiers via 2-Factor authentication, as well as Cloudflare; however, logging IPs, even with a memory IP map (similar to how we detect Tor nodes), with the amount of identifiers they've tried in the past 10 minutes or so could be effective in reducing the risk of identifier scraping and brute forcing.
Have your own security enhancement? Comment here, or send a pull request.
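
A sketch of the in-memory IP map proposed in this issue, as an added example that is not the project's code or part of the original post: it counts the distinct identifiers each IP has tried within a sliding 10-minute window and signals when to throttle. The class name `IdentifierAttemptTracker`, its methods, and the threshold of 5 are assumptions made for illustration.

```javascript
// Added example (not project code): per-IP count of distinct identifiers tried.
// WINDOW_MS follows the issue's "past 10 minutes"; MAX_DISTINCT is an assumed threshold.
const WINDOW_MS = 10 * 60 * 1000;
const MAX_DISTINCT = 5;

class IdentifierAttemptTracker {
  constructor(windowMs = WINDOW_MS, maxDistinct = MAX_DISTINCT) {
    this.windowMs = windowMs;
    this.maxDistinct = maxDistinct;
    this.byIp = new Map(); // ip -> Map(identifier -> last-seen timestamp in ms)
  }

  // Drop identifiers this IP last tried before the window started.
  prune(ip, now) {
    const seen = this.byIp.get(ip);
    if (!seen) return;
    for (const [id, ts] of seen) {
      if (now - ts >= this.windowMs) seen.delete(id);
    }
    if (seen.size === 0) this.byIp.delete(ip);
  }

  // Record one lookup; returns false when the IP should be throttled.
  record(ip, identifier, now = Date.now()) {
    this.prune(ip, now);
    let seen = this.byIp.get(ip);
    if (!seen) {
      seen = new Map();
      this.byIp.set(ip, seen);
    }
    // Retrying an identifier already counted refreshes it without raising the count,
    // so a user mistyping a password on their own identifier is not penalised here.
    if (!seen.has(identifier) && seen.size >= this.maxDistinct) return false;
    seen.set(identifier, now);
    return true;
  }

  // Periodic sweep so idle IPs do not accumulate in memory; returns IPs still tracked.
  sweep(now = Date.now()) {
    for (const ip of [...this.byIp.keys()]) this.prune(ip, now);
    return this.byIp.size;
  }
}
```

Calling `sweep()` from a timer keeps the map bounded by the number of IPs active in the last window. Repeated guesses against a single identifier are not counted by this sketch and would need a separate per-identifier counter.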