Achieving Balance in Wallet Security: There’s More Than One Way to Lose (and Save) Your Bitcoins
Following several high-profile digital wallet breaches, security protocol has arguably become the primary focus of bitcoin service providers. The resulting advances in security have raised a number of questions about this evolving landscape: What are the best measures for protecting these assets? How much protection is too little? And at what point does security protocol rise to the level of overreach, adversely impacting the quality of the user experience?
And what do you do if you lose access to your bitcoins?
These days the average user must be ever vigilant and responsible in their security practices. However, protocols being enacted by many bitcoin wallet providers are becoming increasingly complex and confusing.
“Security is not just protecting the user from attackers. It also involves giving consideration to the user experience. If the security protocol is so challenging that the user is likely to hang themselves, then I don’t consider that to be secure,” Puey said to BTCMANAGER.
Puey added that the question they regularly grapple with at Airbitz is, “What’s the absolute most secure solution we can employ to address the problem in a manner that’s user friendly?”
“I personally believe that the creation of some of the most secure solutions involves thinking about the user first. Technology, in my mind, comes second.”
Security Protocols: A Cautionary Tale
As the digital currency landscape adds deeper and deeper layers of security protocol, the average user is increasingly faced with a confusing array of passwords and private recovery keys. These access credentials, while serving as a protective layer against theft and intrusion, can at times leave the end user temporarily locked out of their own wallet. In the worst case, they can lead to a permanent loss of access.
Dave Bitcoin of Wallet Recovery Services has been the savior for many bitcoin enthusiasts whose wallets have become inaccessible due to misplaced or forgotten passwords. Desperate bitcoin holders who are afraid that they have permanently lost access to their coins have discovered Wallet Recovery Services in a variety of ways including word of mouth, web searches, and referrals from BitGo and Blockchain.info.
In an interview with BTCMANAGER, Dave Bitcoin noted that as electronic wallets have grown in their popularity, he found that there was an increasing demand for services to help people who lose their wallets, or forget their passwords.
“Initially, I just threw together some software to aid in the decryption of bitcoin wallets. But as people started requesting more features, I enhanced its capabilities and scalability.”
The most common mistake people make, according to Dave Bitcoin, is not recording the password they set up in more than one safe location. “Often people will store the password in a single location (e.g., a piece of paper, or a file on disk, etc.), and subsequently lose the data.”
He said that it’s surprising how many people think that they can rely on their memory to hold what are often complex passwords that they have devised.
“It is amazing how fickle our minds are. A password that seems obvious one day may be completely forgotten a week later. We may not use our passwords to access our bitcoin wallets (especially cold-storage wallets) for many months, providing plenty of opportunity for stupidity, beer and gray matter entropy to take their toll.”
Dave Bitcoin pointed out that there are a number of factors that come into play during those situations when he is asked to recover a wallet password. These include:
- Wallet Format: “The good news is that my software includes high-speed GPU-based algorithmic solutions for most bitcoin wallet formats, including Bitcoin-Core, Multibit, Electrum, Blockchain.info, BitGo, and Airbitz, BIP38, etc. And I also work with a range of other cryptocurrencies such as litecoin, dogecoin, ethereum, etc.”
- User Memory: The second critically important factor is what, if any, password information has been remembered by the user. “If the customer has absolutely no idea about what their password is, and it is a ‘strong’ password, then there is literally no way to recover the funds. However, if the customer remembers some information about their password — for instance, the format, or part of the phrase, or a set of words that might have been used — it now becomes feasible for me to make an attempt at decrypting the wallet and recovering the funds.”
- Assets In The Wallet: “The third factor is the quantity of money stuck in the wallet. A very valuable wallet obviously deserves greater attention, and it is worthwhile for me to spend time, effort and CPU cycles attempting to decrypt it. A very poor wallet is deserving of less effort (although I always try to help even the customers who have minimal money in their wallets).”
- Client Credibility: “Sometimes people come into possession of wallets through dubious means, and ask me to solve them. I make it a point not to work on these jobs since my reputation of honesty and trust within the cryptocurrency industry is vital to the success of Wallet Recovery Services. I am very careful about always acting honorably.”
The advancement of technologies to provide a secure place for bitcoin storage is ushering in an entirely new set of complexities and capabilities. Companies like BitGo.com are at the forefront of providing corporate-strength accounts that can require more than one person to move funds, and can provide limits and policies on financial transactions. Such measures are probably security overkill for the average individual using bitcoin for day-to-day transactions. But the importance of keeping personal wallets secure and useable is still worthy of careful consideration by wallet companies and users alike.
At the end of the day, it is vital to strike a balance between innovations that ensure protection and the practical need for users to be able to easily access their own wallets.