This cycle is based on the idea of challenging preconceived notions regarding how Bitcoin is used around the globe. Other cultures use the currency in ways that break old molds.
The emergence of new seedless security methods, which use a completely different method of securing Bitcoin’s private keys is a major trend that has emerged from this chaos. Some proponents claim that current security measures are not meeting the demands of an ever-growing number of users. The emergence of ETFs, along with maturation of other custodial options, is raising concerns that users may be tempted to adopt more complicated self-custodial products.
Security experts have not been the only ones to point out that seed phrases are the cause of the problems Bitcoin has when it comes to self-custody. Jameson Lopp, an industry veteran has long debated The security model poses many challenges, but the company is not afraid to speak out about the pitfalls. Casa, a multi-signature wallet, was founded in part to solve the problems created by conventional backup methods.
Bitcoin Magazine recently spoke with an expert on the current state of Bitcoin. Casa Nick Neuman, CEO of Neuman Group Inc., echoed the concerns expressed by his colleagues:
“We need to think more carefully about how we use them as an industry because the user experience of getting hit with a seed phrase the first time you set up a wallet is very difficult.”
Seed Phrases: The Dangers of Seed Phrases
The landscape of Bitcoin self-custody is still perilous, despite significant improvements in Bitcoin applications and products. This remains true for people whose only experience with technology comes from their iPhones. Every day reports emerge about successful phishing attempts that aim to steal money from victims by exploiting their wallets’ seed phrases.
In January of this year, Trezor, a popular hardware wallet company announced that they believed sensitive information about their customers had been compromised due to an attack on the system of a third party service provider. In the months that followed, X users began reporting a wave of phishing emails.
In 2022, a popular password manager called LastPass was affected by a vulnerability.
After a series of bizarre wallet-sucking incidents that affected both mobile wallet and hardware wallet users, researchers eventually figured out The seed phrases that were stored on servers for the service have been compromised. Since a couple of months agoThere have been losses estimated Over $250 Million in various crypto currencies.
Many market participants are yet to embrace the use of hardware wallets as a more secure security system. Shehzan Mariedia, the founder of Bitcoin financial services company LavaThe Bitcoin market is divided between a majority of security product providers and the rest.
“I’ve realized most people start questioning their ability to self-custody when you involve hardware wallet and seed phrases. Half of them will do a poor job of following instructions and the other half will simply prefer using custodians,” He remarked.
Maredia believes that the secure enclaves in mobile phones can be enough to stop most of today’s attacks.
“Looking at the common causes responsible for the loss of users’ funds, it’s rare to find examples of mobile keys being compromised.” It’s likely that users won’t do an adequate job in protecting the seed phrase backup, or they will reveal it during a scam.
Seedless Challenges and Opportunities
Casa, the pioneer of the seedless wallet concept years ago, has made many improvements to Bitcoin products. However few have so far followed Casa’s lead. Although self-custodial software is more advanced than ever before some modifications have increased the learning curve. You might want to consider whether the nihilistic view of security is what has turned the rituals into something that the general public finds unappealing.
Neuman remains optimistic. Neuman believes there is a shift towards more realistic products in the market.
“There are still quite a few like wallets that force you to [save your seed phrase] upfront. I think it’s kind of a risk management thing on their end, but it actually works against the goal of helping users feel comfortable holding their own keys.”
The trend indicates that the rest of industry has begun to recognize the dangers of users handling sensitive data. Passkeys are a recent technology that has been implemented into Coinbase’s “Smart Wallet” Offer interesting alternatives to this new product generation. Passkeys The new cryptographic standard is being promoted by Internet giants, such as Apple or Google. It aims to replace passwords and other traditional security measures with keys that are tied to a device’s identity and the user.
Our research shows that if you want to know more about the testimonies You can also find out more about us on our website. early adopters It is clear that technology still has a long way to go before it can solve important standards issues. Maredia from Lava agrees with this. Maredia recently released a solution that he believes achieves the most security for mobile devices.
Tankred Hase, a former developer of Spiral, has contributed a number of older works called The Lava Vault. Photon SDK. Photon uses a similar seedless cloud back up to Casa’s original implementation of mobile key wallet. However, it is open-source and hasn’t been updated in some time. Maredia believes that his 2-of-2 adaptation of existing designs within the ecosystem will be able to withstand most attacks.
“We looked at things like passkeys, but we just don’t think they are made to secure important key material like Bitcoin. They basically swap one piece of sensitive information for another and are usually stored in a password manager. In practice, most password managers do a poor job handling them, they can be deleted very easily even on iCloud.”
Lava secures the seed phrases of users using a key with high entropy stored on an external server. After encryption, the seed will be saved on the cloud in a specific directory that prevents accidental deletion and malicious access. Users authenticate to a server which limits the rate of data transmission using a PIN. Lava doesn’t require users to create an account, which protects their privacy. To perform its daily functions, the wallet makes use of another key located on the secure enclave.
“Even if a party accesses encrypted information, there is no single point of failure because they’d have to know the encryption key. Forgetful users can set up a PIN recovery method which allows them to change their PIN after a 30-day delay.”
Maredia’s security protocol will evolve in response to the needs of users and their different risk profiles. There are plans to implement wallet policies, such as withdrawal and spending limits or whitelisted address, 2FA and other security measures. “Lava Smart Key is a very flexible solution. Users can upgrade their self-custody setup easily, and we’re open to accommodating users who have specific demands,” He explains.
Open-source implementations, such as Lava’s vault and the PhotonSDK, could help more service providers and vendors implement these standards.
Both entrepreneurs interviewed for this article feel it’s important to remove seed phrases from the majority of future users.
“Seed phrases in general, I think, are a very useful tool for making your keys more portable between wallets and giving you that exit option just in case something happens to the wallet software you’re using,” says Casa CEO Nick Neuman.
Casa’s multi-signature plan combines hardware and software to avoid single points of failure. It insists, however, on adhering to the seedless principle wherever possible.
“Wallet software is made for managing private keys. Humans are not made for managing private keys. So we should leave that job to the wallets.”
“This article is not financial advice.”
“Always do your own research before making any type of investment.”
“ItsDailyCrypto is not responsible for any activities you perform outside ItsDailyCrypto.”
Source: bitcoinmagazine.com
