Lots of people use the word “secure” to describe technology, but the word “secure” is pointless by itself. Secure against what? Without naming the threat, you only have half the story.
Over the past 4 years, we have seen some clear trends in the way people have lost bitcoin. By far the biggest sources of loss have been robberies at centralized exchanges and hosted wallets. Although these heists are a lot of work, the enormous payout makes it well worth the effort. Airbitz doesn’t have access to customer funds, though, so this sort of mass robbery doesn’t work against us.
The other two ways people have lost bitcoin are through human error and targeted theft. Of the two, human error is by far the most common. People lose their phones all the time, and then can’t find their backups.
Airbitz addresses human error with a collection of features:
- Automatic password-encrypted backups
- Password recovery questions
- Device-to-device syncing
- PIN login
- Fingerprint login
By providing several ways to access the same account, we spread the risk and increase recovery options. If someone loses their phone, they may remember their password or recovery answers. If they can’t remember their password, they might be able to use their PIN, and so forth.
There are many ways to steal bitcoins from an individual user. The easiest way is to “borrow” their unlocked phone for a few seconds, open the wallet app, and send the money to yourself. This is why the Airbitz wallet is encrypted by default. There is no way to send funds out of the wallet without a PIN, thumbprint, or password. Many wallets don’t have this protection by default, so anybody who can open the app can swipe the funds.
Malware is another threat. The most common forms of phone malware are keyloggers and screen-grabbers. If a wallet shows a 12-word seed on the screen for backup purposes, screen-grabbers can record the screen and use the words to drain the wallet. Airbitz does not ask the user to make paper backups, so we avoid that particular risk.
A keylogger can steal the Airbitz password, but users can neutralize this threat by enabling our one-touch two-factor authentication feature. With two-factor enabled, the password alone is not enough to log in. A few notable bitcoiners have been robbed by social engineers who hijack phone numbers to thwart two-factor authentication, but this can’t happen with Airbitz. Our two-factor is linked to a specific device, rather than a phone number. No other wallet has this feature.
Furthermore, phone operating systems have built-in protections that prevent one app from reading another app’s private data. Malware that can bypass these protections is extremely rare, since it requires rooting the phone in some way. Malware like this can read the private keys right out of most wallets, but Airbitz encrypts private keys by default. To compromise us, the malware would first have to wait for the user to log in before it had enough information to read the keys. If the user can detect and repair the infection before their next Airbitz login, they can avoid losing funds. This is much better than other hot wallets.
For perfect security against malware, you need to put the keys in some sort of hardware security module that the malware can’t touch. As soon as you do this, though, you lose the ability to have automatic encrypted backups or any of the other human-error defense mechanisms. In other words, in order to defend against the rarest type of threat, you have to open yourself up to the most common type of threat. This is not a good security tradeoff!
Everyone is Different
Of course, all these considerations apply mainly to individual users. Enterprises that transact in crypto-currencies, like exchanges, hedge funds, and merchants, will have completely different requirements. These users can (and should) invest in ultra-secure, hacker-resistant solutions like cold storage, offline signing, multi-sig, and dedicated hardware wallets. Their money affects multiple people, and can be touched by multiple people, so their situation calls for a higher standard (like the C4 certification).
For individual users who are willing to invest the time in a good paper backup strategy, dedicated hardware wallets can sometimes make sense for larger amounts of rarely-accessed money. If you are going to use one of these wallets though, don’t write your 12-word seeds down in a notebook and then carry it around with you. It doesn’t matter how good the wallet is if the human is the weak link!
For everyday use on an everyday smartphone, Airbitz has the most compelling security story available. Over the years, as smartphones become more and more secure via better app sandboxing and hardware-secured storage, wallets like Airbitz will become the de facto standard for the general population. There is no better way to protect funds both from theft and from the biggest threat (yourself).