In late September 2025, Torzon Market released a significant update to its PGP-based two-factor authentication system, accompanied by new guidance recommending all users activate 2FA on their accounts. The update addresses vulnerability patterns identified in post-incident analysis of several darknet marketplace account compromises in 2025.
The Updated 2FA System
PGP-based 2FA works through a challenge-response mechanism. Upon login, the platform presents a randomly generated challenge string. The user must sign this string with their private PGP key and submit the signature. The platform verifies the signature against the stored public key — only the holder of the private key can produce a valid signature.
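The challenge-response flow described above, as an added example that is not the platform's code: it shows the server-side checks that make a signed challenge single-use and time-limited. It substitutes raw Ed25519 signatures from the Go standard library for OpenPGP signatures; the type and function names, the challenge format and the two-minute lifetime are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

type pending struct { // one open challenge; all names here are hypothetical
	text    string
	expires time.Time
}
type Server struct {
	keys map[string]ed25519.PublicKey // public key stored at enrolment
	open map[string]pending           // at most one open challenge per user
}

// Issue returns a fresh random challenge, replacing any older one for user.
func (s *Server) Issue(user string, now time.Time) string {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	s.open[user] = pending{fmt.Sprintf("login:%s:%x", user, nonce), now.Add(2 * time.Minute)}
	return s.open[user].text
}

// Verify consumes the challenge (single use), then checks expiry and signature.
func (s *Server) Verify(user string, sig []byte, now time.Time) bool {
	p, ok := s.open[user]
	delete(s.open, user) // burned on every attempt, pass or fail
	key, known := s.keys[user]
	return ok && known && !now.After(p.expires) && ed25519.Verify(key, []byte(p.text), sig)
}

// Demo runs a valid login, a replay, a foreign key and an expired challenge.
func Demo() (valid, replay, foreign, expired bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo keys
	_, other, _ := ed25519.GenerateKey(nil)
	s, t := &Server{map[string]ed25519.PublicKey{"alice": pub}, map[string]pending{}}, time.Now()
	sig := ed25519.Sign(priv, []byte(s.Issue("alice", t))) // signing happens on the user's device
	valid, replay = s.Verify("alice", sig, t), s.Verify("alice", sig, t)
	foreign = s.Verify("alice", ed25519.Sign(other, []byte(s.Issue("alice", t))), t)
	sig = ed25519.Sign(priv, []byte(s.Issue("alice", t)))
	return valid, replay, foreign, s.Verify("alice", sig, t.Add(3*time.Minute))
}

func main() { fmt.Println(Demo()) }
```

Only the first submission is accepted; the replayed signature, the signature from a different key and the late submission are all rejected.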
Why This Matters
Phishing attacks that capture username and password credentials become significantly less effective when PGP 2FA is enabled. Even with a stolen password, an attacker cannot complete the login without the victim's PGP private key, which never leaves the user's device.
Setup Process
The updated interface guides users through key generation and upload in a streamlined workflow. The platform recommends generating a dedicated key pair for marketplace use — separate from any keys used for other purposes — and storing the private key exclusively on an air-gapped or encrypted storage medium.
