20 Security Ideas for Cryptocurrency Wallets
Cryptocurrencies are becoming more valuable every day, and the need for safe ways to store them in digital wallets has raised concerns all over the world.
Everyone dislikes text-based passwords, which are often forgotten, hacked, duplicated, and misused. If we rely on text passwords alone, we're certain to keep reading a steady stream of news reports about people having all their money lost or stolen. While hackers keep getting smarter, average users are actually more careless than ever before. People struggle to remember their passwords, and some even lose their accounts and all their money along with them. Therefore, cryptocurrency platforms need to develop new, safer, and easier ways to secure accounts, or a combination of several reliable security and authentication measures. There has to be a better way, right? It turns out that there are many alternatives. Each has its strengths and weaknesses, and none of them can replace text passwords on its own. We scoured the internet for days to bring you the most complete list we could of ideas to finally help kill text passwords.
Biometric Security Types:
Face recognition is probably the most popular biometric technology for authentication purposes. It scans, measures, and matches the unique characteristics of your face in order to identify you. The new iPhone X features this technology, which suggests Apple intends to make face recognition universal, and other phone manufacturers could soon be forced to add it to their products to compete. Of course, facial recognition is only possible with a good camera, but nowadays all decent phones have one, so developers should mainly focus on making them as secure as possible.
Apple X: www.cnet.com/news/apple-iphone-x-apple-face-id-challenge-facial-recognition-trust-security/
Open Source Technology: http://openbiometrics.org/
Before face recognition was introduced by Apple’s new phones, the standard for accurate authentication was fingerprint recognition. Most new iPhones had this feature, as did many Android and Windows devices. The advantages are obvious: the fingerprint scanner is easy, quick, and discreet to use, and no one can replicate it. This authentication system can work in two different ways. It either uses an online fingerprint database, so you can use your fingerprint from any device, or it stores your fingerprint on a single device, allowing you to access your account from that device only.
Open Source Technology:
Eye recognition is something we have seen in many science-fiction movies, but there is nothing fictitious about this technology. It is actually very feasible and not as expensive to implement as people often think. Iris recognition technology applies mathematical pattern-recognition techniques to images of people’s eyes, whose complex patterns are unique and can be seen from a safe distance. There is also retinal scanning, an ocular-based technology that scans the unique patterns of the blood vessels in an individual's retina.
Open Source Technology:
The idea behind Movement Authentication is that users can authenticate themselves by the gestures or natural movements they make while holding their smartphones in order to access their accounts. This could prove quite tricky for some people, but the technology seems flexible enough to be able to adapt to easier movement patterns that won’t require much effort to remember.
Still on paper: http://ieeexplore.ieee.org/document/7865994/
Voice ID or voice authentication uses voiceprint biometrics to authenticate users. It relies on the fact that all people have unique vocal characteristics, just as other biometric authentication methods such as fingerprint or eye recognition scan features that are unique to each individual.
Voice Recognition solutions (not free):
Voice Stress Analysis
Voice stress analysis (VSA) is a technology that measures stress in the voice. Computerized voice stress analyzers record the human voice using a microphone, and the technology is able to determine certain information about the psychological and physiological state of the speaker from the non-verbal, low-frequency content of the voice. A high level of stress can be an indicator of danger, in which case the device or the account is blocked.
Open Source Technologies:
To date, there is only one device that claims to be able to authenticate you by measuring your heartbeat, and it is called Nymi. It uses these readings as a unique biometric to verify your identity. You only need to put it on once a day and touch it for a few seconds. After measuring your heartbeat, it confirms that you are actually you, and then it sends this information to whatever system or service you need to access.
Heartbeat Authentication Solutions:
Lip Motion Password
This elegant and relatively easy-to-use technology reads a person’s lip motions to authenticate them. The system verifies identity by simultaneously checking whether the behavioral characteristics of the lips and the spoken password match. It identifies the lip shape and texture of the user as he/she voices the password, and is able to detect and reject a correct password given by an imposter or a wrong password uttered by the user.
Still on paper: http://hkbuenews.hkbu.edu.hk/?t=enews_details/1758&acm=50_726
Non-Biometric Security Types:
Graphical Password or Graphical User Authentication (GUA)
A graphical password works by having people select an image from a pool of different images. In some cases it’s just one image, but there are systems in which several images must be selected in a specific order to authenticate the user. Images are far easier to remember than words, numbers, or a combination of the two, so many banks have implemented this system as part of a 2-factor or multifactor authentication system.
Security questions are probably one of the oldest online security measures in use. They are easy to remember and add an extra level of protection to any personal account. You often need to set three questions along with your personal answers to help the system authenticate you. The questions and answers are supposed to be easy for people to remember and difficult for anyone else to guess. However, some questions are easy to answer just by looking up pieces of information available online, so people should either create more difficult questions or lie on the easy ones in a way only they would remember.
Endpoint Authentication (Device Authentication)
Endpoint authentication is a security measure specially designed to allow access to a network, website, or service only to authorized devices and users. This technology is also known as device authentication. It works with smartphones, tablets, laptops, and even small dedicated devices that feature a single button. It is efficient as part of a multi-factor authentication scheme, but the inconvenience is clear: you need to carry the device with you all the time, because you never know when you’ll need it.
Multi-factor Authentication (MFA)
Multifactor authentication (MFA) is the common standard of banks, crypto wallets, and most other online services. It is basically a combination of two (2-factor authentication) or more authentication methods to verify your identity for a login or a transaction. It adds several layers of security to your account, so if one of the authentication methods is compromised, you will still have the others to protect your account.
One-Time Passwords (OTP)
One-time passwords (OTP) are automatically generated numeric or alphanumeric passwords that authenticate users for logins or single transactions. These passwords are usually provided by pocket-sized devices or sent to a mobile device. The passwords are always different and unique, and because they usually change every 30 to 60 seconds, it is near impossible to guess one.
MapLogin is an interesting prototype that features a unique user authentication service involving maps. Instead of entering a password, people must choose a secret location in Google Maps by zooming in on a map image. It works like finding treasure on a map: you can select a certain park or favorite location within a city, or anywhere else, as your password and then zoom in there to access your account. While still a prototype, it’s one of the most interesting, unique, and easy-to-use authentication systems ever imagined.
More info: https://tildexe.appspot.com/
Trusted Execution Environment Authentication (TEE)
The TEE is a secure area of a device’s processor that allows important data to be stored, processed, and protected in an isolated, secure environment. The TEE offers isolated, safe execution of authorized applications, enabling it to provide end-to-end security by enforcing the protected execution of authenticated code, access rights, system integrity, privacy, authenticity, and confidentiality. In plain English, it means that you can designate a physical device as secure, so that you won’t need to provide passwords or pass through additional security methods while using this device.
More info: https://www.globalplatform.org/mediaguidetee.asp#_Toc419214135
Social Login Authentication
Social login, also known as social sign-in, is an easy and convenient way to sign in to a third-party application using existing information from a social networking service such as Google, Twitter or Facebook, instead of creating a new login and password specifically for that account.
Social Login is very common now, and chances are, you're using it already.
HTTP Origin-Bound Authentication
Secure QR Login (SQRL)
On your phone, an SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. The app would communicate with the site directly, sending the public key as your identity, and the encrypted QR code as your authentication.
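The flow described above, as an added example that is not part of the original article and is not the SQRL wire protocol. It assumes the SQRL design choices of deriving a per-site key with HMAC-SHA256 over the domain and proving possession with an Ed25519 signature over the URL; the function names and the `wallet.example` URLs are constructed.

```javascript
const crypto = require('node:crypto');

// DER header that wraps a raw 32-byte Ed25519 seed as a PKCS#8 private key.
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Constructed 256-bit master secret; a real app generates it randomly and never sends it.
const DEMO_MASTER = Buffer.alloc(32, 7);

// Client: derive a key pair that is specific to the domain named in the QR code URL.
function siteKeys(masterKey, loginUrl) {
  const domain = new URL(loginUrl).hostname;
  const seed = crypto.createHmac('sha256', masterKey).update(domain).digest();
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519, seed]), format: 'der', type: 'pkcs8' });
  const publicKey = crypto.createPublicKey(privateKey)
    .export({ format: 'der', type: 'spki' });
  return { privateKey, publicKey };
}

// Client: the public key is the identity, the signature over the URL is the proof.
function respond(masterKey, loginUrl) {
  const { privateKey, publicKey } = siteKeys(masterKey, loginUrl);
  const signature = crypto.sign(null, Buffer.from(loginUrl), privateKey);
  return { identity: publicKey.toString('base64'), signature };
}

// Server: verify the signature against the exact URL (with its one-time nonce)
// that this server issued, using the public key presented as the identity.
function serverVerify(issuedUrl, response) {
  const pub = crypto.createPublicKey({
    key: Buffer.from(response.identity, 'base64'), format: 'der', type: 'spki' });
  return crypto.verify(null, Buffer.from(issuedUrl), pub, response.signature);
}

// Demo with constructed URLs: same user, real site versus look-alike domain.
const demoUrl = 'https://wallet.example/login?nut=constructed-nonce-1';
const demoReply = respond(DEMO_MASTER, demoUrl);
const lookalike = respond(DEMO_MASTER, 'https://wa11et.example/login?nut=constructed-nonce-1');
console.log(serverVerify(demoUrl, demoReply));           // signature checks out
console.log(demoReply.identity === lookalike.identity);  // look-alike sees another identity
```

Because the key is derived from the domain, a look-alike site receives a different public key that is useless at the real site, and a response signed for one nonce does not verify for the next.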
Transaction Authentication Number (TAN)
Transaction authentication numbers (TAN) are mostly used by some online banking services. They are pretty much like one-time passwords, but come in the form of a card that features a list of passwords or a matrix of numbers and/or letters that you must use as passwords whenever the system asks you to authorize certain account transactions. TANs are a secondary layer of security and therefore are always used along with other authentication methods.
If the physical card or matrix with the codes is stolen, it will be useless to anyone who can’t pass the other authentication measure. Also, if someone steals your login and password, that person won’t be able to make any transaction without a valid TAN.
This authentication method aims to combine user and machine-generated narrative based on recent computer activity. Users must interact accordingly with a continuous authentication mechanism that involves text adventures. The premise is that users are much more likely to remember an interesting or familiar narrative than a complex text password. The idea is still on paper but it looks promising.
Still on paper: http://www.nspw.org/papers/2013/nspw2013-somayaji.pdf