This cycle is based on the idea of challenging preconceived notions regarding how Bitcoin is used around the globe. Other cultures use the currency in ways that break old molds.
The emergence of new seedless security methods, a radical change in the way Bitcoin private keys are secured, is a major trend that has emerged from this chaos. The proponents of seedless security models argue that existing practices do not meet the needs of a growing number of users. ETF products are a new addition to the custodial alternative market. They have created concerns over the possibility that future users might opt for more complex solutions.
When asked to explain the difficulty of Bitcoin’s self-custody, security experts have often pointed to the use of seed phrases. Jameson Lopp, an experienced industry professional, has long debated their shortcomings and the difficulties they pose. His company, the multi-signature wallet provider Casa, was created in part as a response to the challenges caused by traditional backup techniques.
Bitcoin Magazine recently spoke with Nick Neuman, the current CEO of Casa, who shared his concerns.
“We need to think more carefully about how we use them as an industry because the user experience of getting hit with a seed phrase the first time you set up a wallet is very difficult.”
Seed Phrases Can Be Dangerous
Even though Bitcoin has made significant advances in terms of quality, those who are only comfortable with iPhones still face a perilous landscape when it comes to self-custody. Each day there are new reports of phishing scams that target victims’ money by using their seed phrase.
In January of this year, Trezor, a popular hardware wallet company, announced that it believed sensitive information about its customers had been compromised due to an attack on the system of a third-party service provider. In the months that followed, X users began reporting a wave of phishing emails.
In 2022, a popular password manager called LastPass was affected by a vulnerability.
In the wake of a number of strange wallet-draining incidents that affected hardware and mobile wallet users alike, researchers eventually figured out that seed phrases stored on the service’s servers had been compromised. According to estimates from a couple of months ago, the total value of cryptocurrency lost has surpassed $250,000,000.
Although popular Bitcoin influencers are pushing for more robust security measures involving hardware-based wallets, many market participants still have not warmed up to the idea. According to Shehzan Maredia of the Bitcoin financial services company Lava, there is a divide between many security product providers and the majority of Bitcoin users.
“I’ve realized most people start questioning their ability to self-custody when you involve hardware wallet and seed phrases. Half of them will do a poor job of following instructions and the other half will simply prefer using custodians,” he remarked.
Maredia believes that the secure enclaves in mobile phones can be enough to stop most of today’s attacks.
“Looking at the common causes responsible for the loss of users’ funds, it’s rare to find examples of mobile keys being compromised.” It’s likely that users won’t do an adequate job in protecting the seed phrase backup, or they will reveal it during a scam.
The Seedless Challenges and Opportunities
Casa, the pioneer of the seedless wallet concept years ago, has made many improvements to Bitcoin products. However, few have so far followed Casa’s lead. Although self-custodial software is more advanced than ever, certain changes have increased the learning curve. You might want to consider whether the nihilistic view of security is what has turned the ritual into something that’s not appealing for the average person.
Neuman remains optimistic and believes there is a shift towards more realistic products in the market.
“There are still quite a few like wallets that force you to [save your seed phrase] upfront. I think it’s kind of a risk management thing on their end, but it actually works against the goal of helping users feel comfortable holding their own keys.”
The trend indicates that the rest of the industry has begun to recognize the dangers of users handling sensitive data. Recently implemented technologies, such as the passkeys in Coinbase’s new “Smart Wallet”, offer interesting alternatives to this new product generation. Passkeys are a standard, pushed by internet giants such as Apple and Google, that replaces traditional passwords with cryptographic keys linked to the device or identity of a user.
According to our research, testimonies from early adopters make it clear that the technology still has a long way to go before it can solve important standards issues. Maredia, from Lava, agrees that there are still many things to improve. Recently, he launched a seedless solution which he feels achieves the best possible security compromises for mobile devices.
Called the Lava Vault, it draws on older work by Tankred Hase, a former developer at Spiral, called Photon SDK. Photon uses a seedless cloud storage, like Casa’s first implementation of a mobile key wallet. It has an open-source architecture that has been neglected for a while. Maredia believes that his 2-of-2 design, which he adapted from designs already in place within the ecosystem, can withstand most attacks.
“We looked at things like passkeys, but we just don’t think they are made to secure important key material like Bitcoin. They basically swap one piece of sensitive information for another and are usually stored in a password manager. In practice, most password managers do a poor job handling them, they can be deleted very easily even on iCloud.”
Lava protects seed phrases by encrypting them with a high-entropy key that is stored on a separate key server. After encryption, the seed is saved to the cloud in a specific directory that guards against accidental deletion or malicious entry. The user authenticates with their 4-digit PIN to the key server, which enforces rate-limiting. Lava does not ask the user to register an account. This protects the privacy of the users from both the server and the service. For daily tasks, the wallet relies on a second key that is stored in the secure enclave of the device.
“Even if a party accesses encrypted information, there is no single point of failure because they’d have to know the encryption key. Forgetful users can set up a PIN recovery method which allows them to change their PIN after a 30-day delay.”
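The key-server side of the scheme described above, as an added Python sketch; it is not Lava's or Photon's code. It shows why a 4-digit PIN is only as strong as the server's attempt limit, and how a delayed PIN change behaves. Assumptions: a hard lockout after five wrong PINs stands in for rate-limiting, all class and function names are hypothetical, and the authorization of a reset request, which the article does not describe, is left out.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 5               # assumed lockout threshold; the article gives no number
RESET_DELAY = 30 * 24 * 3600   # the 30-day PIN-change delay, in seconds

def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class KeyServer:
    """Hypothetical key server: hands out a vault's key only for the right PIN."""
    def __init__(self):
        self.vaults = {}

    def enroll(self, pin):
        vault_id, salt = secrets.token_hex(16), secrets.token_bytes(16)
        self.vaults[vault_id] = {          # random handle only, no account data
            "salt": salt, "pin": pin_hash(pin, salt), "fails": 0, "reset": None,
            "key": secrets.token_bytes(32)}  # high-entropy key that encrypts the seed
        return vault_id

    def get_key(self, vault_id, pin):
        v = self.vaults[vault_id]
        if v["fails"] >= MAX_ATTEMPTS:
            raise PermissionError("vault locked after too many wrong PINs")
        if not hmac.compare_digest(pin_hash(pin, v["salt"]), v["pin"]):
            v["fails"] += 1
            return None
        v["fails"], v["reset"] = 0, None   # assumption: a good PIN cancels a reset
        return v["key"]

    def request_pin_reset(self, vault_id, new_pin, now):
        v = self.vaults[vault_id]
        v["reset"] = (now + RESET_DELAY, pin_hash(new_pin, v["salt"]))

    def apply_pin_reset(self, vault_id, now):
        v = self.vaults[vault_id]
        if v["reset"] is None or now < v["reset"][0]:
            return False                   # still inside the 30-day window
        v["pin"], v["fails"], v["reset"] = v["reset"][1], 0, None
        return True

def guesses_before_lockout(server, vault_id):
    """Walk the 10,000 possible PINs and count how many the server answers."""
    answered = 0
    for guess in range(10_000):
        try:
            if server.get_key(vault_id, f"{guess:04d}") is not None:
                return answered + 1, True
        except PermissionError:
            return answered, False
        answered += 1
    return answered, False
```

Because the stored PIN hash covers only 10,000 possibilities, it offers no protection if the server's database leaks; the attempt counter is what bounds an online guesser.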
Maredia’s security protocol will evolve to meet the needs of users and their different risk profiles. Already, wallet policies like 2FA, spending or withdrawal limits, and whitelisted addresses are on their way. “Lava Smart Key is a very flexible solution. Users can upgrade their self-custody setup easily, and we’re open to accommodating users who have specific demands,” he explains.
While open-disk backups were criticized as exposing users to unwarranted risks from third parties, they are still a viable option. Implementations like Photon SDK or Lava’s vault suggest that more vendors and services could adopt similar standards to mitigate this problem.
Both entrepreneurs consulted for this article agreed that seed phrases are still an essential part of the security stack, but believe that it is necessary to isolate them from future users.
“Seed phrases in general, I think, are a very useful tool for making your keys more portable between wallets and giving you that exit option just in case something happens to the wallet software you’re using,” says Casa CEO Nick Neuman.
Casa encourages the use of hardware-based multisignature plans to eliminate single points of failure. However, it insists that its principles be adhered to as much as possible.
“Wallet software is made for managing private keys. Humans are not made for managing private keys. So we should leave that job to the wallets.”
Source: bitcoinmagazine.com