To many people who are deeply involved in the crypto space, the idea of mass-scale adoption is not a matter of ‘if’ but ‘when’. As progress continues to be made to improve the scalability and usability of blockchains, and as regulators get closer to defining the rules that will allow institutional investors to safely jump on board, it’s clear that we’re building the infrastructure for a future where crypto usage is the norm.
Yet, even once the regulatory and scalability issues are solved, there is still one underlying problem that will hinder mainstream adoption of cryptocurrencies. That problem is security: mainly, the ability of the average user to navigate the process of setting up a wallet, storing their private keys and transferring funds without falling victim to the numerous human errors that can cost them all of their funds.
One of the big slogans that have been used to promote Bitcoin in recent years is “Be your own Bank”. It’s a statement that represents the true value of crypto: financial independence and the ability to have full control over how your money is stored and spent.
Although this may sound like a dream come true to most who are tired of central banks inflating their currency and sparking off economic recessions, the reality is that most people are incapable of ‘being their own bank’ because they simply don’t know how a bank works.
Bitcoin aims to replace financial institutions that have lasted for centuries with protocols, yet the one thing that institutions provide that protocols currently lack is a tolerance for human error. In other words, institutions offer a blanket of security that ensures that you can still reclaim your funds when you forget your password or accidentally send money to the wrong address, whereas protocols interpret every action you take on the blockchain as 100% intentional, and will consequently move forward to execute their responsibilities without allowing the possibility of reversing the action.
This is what happens when you send your Bitcoin to an address and mistype a single word, or forget 1 of the 12 keywords needed to access your digital wallet.
In the first case, your funds will be transferred to an unknown address and (as far as you’re concerned) will simply cease to exist. In the second, you could spend the rest of your life trying to remember the missing keyword to gain access to your funds, which will remain where they are but will be completely inaccessible until you can enter the correct passcode.
Security in the crypto space is complex and unforgiving, which is why so many people in it have been victims of hacks, and also why so many outside of it are hesitant to get in: they read articles claiming that $731 million was stolen from crypto exchanges in 2018, or that hackers swiped over $540 million (60 billion yen) worth of cryptocurrency from Japanese citizens over the first six months of 2018.
These headlines conflate the hacking of centralized entities, and the vulnerabilities everyday users inflict on themselves by failing to follow basic security procedures (like not using ‘12345’ as a password), with the idea that there is a major security risk in Bitcoin and most truly decentralized blockchains (there clearly isn’t, as the Bitcoin blockchain has never experienced any major hacks in its existence, which is more than can be said for banks).
As a consequence of the fear caused by headlines, and an overall unwillingness to bear the responsibility of ‘being your own bank’, many users are happy to store their cryptocurrencies with custodian solutions, giving up their private keys in exchange for more ‘security’.
Bitcoin, the tool that was developed to one day replace banks, is being bought for millions of dollars… only to be stored in a bank.
The lack of simpler security measures in crypto is forcing adopters to inadvertently reinforce the centralization of power created by banks and traditional financial institutions.
Security measures must be put in place to serve the lowest common denominator
When it comes to crypto security, there are the insiders, and then there’s everybody else. A typical crypto security conference might be filled with conversation about quantum computing, reversing elliptic curve cryptography, vulnerabilities in hardware wallets, the challenges of operating system security, and creating trusted boot sticks that we can verify. All of these are very important topics, yet for the average cryptocurrency user, they mean absolutely nothing. That is because the vast majority of cryptocurrency theft is not being conducted by genius hackers using quantum computers to crack complex security systems. Rather, it is usually the result of some user running a Windows computer and downloading software that contains a Trojan virus, or writing all of their passwords and private keys into a Word document, then uploading it to Dropbox.
The vast majority of security breaches are actually caused by very simple problems, which means that hackers have no incentive to go after complex systems (like the actual Bitcoin Blockchain) when they could simply feed off of the holders of Bitcoin who use poor security measures to store their crypto.
Crypto wallets and exchanges need to design security measures that appeal to the lowest common denominator. By this I mean the person who is most likely to inadvertently do everything possible to get themselves hacked: use overly simple passwords, click on malicious email links or download malicious software, and store their private keys on Dropbox (while also using a simple password). Just as entrepreneurs learn to pitch their tech startup in such a way that their grandma can understand it, exchanges and wallets must design the user experience of their security systems with the same level of simplicity and intuitiveness.
As Bitcoin advocate Andreas Antonopoulos said when speaking at a blockchain security conference:
“The [blockchain] user interfaces are so complex that they’re very difficult to apply. A user interface needs to be intuitive, but not just intuitive, intuitively secure; meaning when you look at a user interface, there must be an obvious thing to do, and you better make sure that obvious thing to do is actually the secure thing. If we design interfaces where the obvious thing is the most secure thing, then our users can actually do operational security. If you leave them hanging and they have to figure it out themselves then we failed our users. This isn’t just a problem of how do I be my own bank and control my own crypto. The vast majority of people faced with this choice will simply go to a custodial service and put all their crypto in a bank”
Ultimately, security underpins everything that will make cryptocurrencies usable by the mainstream. Most people agree that many cryptocurrencies will achieve significant valuations over the next 5-10 years. However, if the average user doesn’t feel like their funds can survive those 5-10 years without being hacked, or without being permanently locked away from them if they forget one part of their password, it simply won’t be worth the investment. Therefore, the problem of security must be solved not only by educating users about the most basic vulnerabilities that exist in crypto (and the web at large), but also by designing interfaces that are “intuitively secure”, meaning that each time a user interacts with an exchange or a wallet, there is an ‘obvious thing to do’, and that this obvious thing is the secure thing.
Only then can we ensure that users with varying degrees of experience interacting with any sort of online platform can ‘be their own bank’ and feel personally responsible for the security of their money despite not knowing the first thing about the complexity that goes into actually securing that money.