Why Bitcoin will never be as secure as a Bank

in #bitcoin8 years ago


The probability of losing your Bitcoin balance is orders of magnitude higher than the probability of losing your banking balance for the vast majority of people. The typical response is that you should “keep your bitcoins in cold storage”, but cold storage is nothing more than the age old advice to “keep your bitcoins under your mattress”.

Rather than debate the merits of how any one individual might secure their private keys, lets talk about a structural problem. The security of Bitcoin is dependent upon keeping secrets. These secrets are so complex than 99.9% of people are unable to commit them to memory, and even if you could commit them to memory you never know when you will hit your head too hard.

Bitcoin only has value when you use it. In order to use bitcoin, you must share your secret with a computer. For 99.9% of the population, their computer is orders of magnitude more likely to be infected by malware than their bank account is to get hacked. The truth is that many users have their banks hacked due to the poor security practices on their computer. The difference is, that when your bank account is hacked you can almost always recover the funds.

Bitcoin requires Personal Responsibility

The proponents of Bitcoin like to talk about how “secure” it is. Your account cannot be frozen, funds cannot be seized, there are no limits and restrictions, and it “protects your privacy”. Each of these claims is false in practice.

Anyone who mans the tech support desk knows how frequently people forget their passwords, choose simple passwords, forget to backup, lose their backups, etc. These things are so common that the vast majority of normal individuals experience it every year. If they were responsible for their Bitcoin and any one of these very common things happened to them, then they would be locked out of their accounts.

Most people trust their bank more than they trust themselves or their computer and it is completely justified.

Bitcoin Banks are Less Secure than Fiat Banks

Perhaps individuals could adopt a Bitcoin bank and trust someone else to secure their Bitcoins. Surely this would be at least as secure as a fiat bank, right? Unfortunately, time and time again major bitcoin exchanges have been hacked and lost customer funds. The probability of an exchange being hacked has historically been much higher than the probability that a bank would go bankrupt.

Which is more secure, $100,000 in a crypto currency exchange or $100,000 in any major bank?

If experts in the field are unable to secure their Bitcoin (even when multiple signatures are required), then how can we expect normal users to take on that responsibility?

Multi-Signature Service Providers are Insufficient

There are services that will help you perform Multi-Factor authentication on all transfers. These services will hold one key while you hold two keys. So long as 2 of 3 keys sign the transaction your funds can be transferred. When you spend money you sign it immediately with one key, the service provide will send you a text message and then sign the transaction with their key after confirmation.

This process is certainly very secure and is similar to the multi-factor authentication strategies used by banks. There have been many cases of hackers and social engineers hacking cell phone SIM cards. The question is whether or not this process is more secure than banks?

Two of three multisig is still less secure because of the following:

  1. many users will lose one or both keys
  2. many users will store both keys on a computer that gets hacked
  3. a hacker can gather user keys, then compromise the service provider for the 2nd key
  4. a hacker can trick the multi-factor authentication service

When any of these things happen the user’s account is either frozen or the balances are lost forever. All of these things can and will happen with greater frequency than users losing money in the bank.

Why is the Bank more Secure?

The short answer is that banks have the ability to recover / reverse transactions for several days after they are made and they have the ability to reset your password when you lose it. These are two things that Bitcoin is structurally unable to resolve.

The problem is that it is impossible to know you have been “hacked” until it is already too late to recover the funds. If someone hacks your bank account then the vast majority of the time you can recover your funds. Either the transfers get reversed or the bank eats the cost.

There is no bitcoin script that can take the form “all spending from this address must be to outputs that can be canceled for up to X days”. The very structure of Bitcoin (outputs being consumed by the input to a transaction and generating new outputs) makes the required security logic almost impossible to implement. In effect, a Bitcoin transaction output’s claim logic is unable to depend upon the outputs of the transaction it is claimed into.

Requirements for Cryptocurrency Adoption

Before the masses of normal users can realistically enter the space, cryptocurrencies need to offer the following features:

  1. hacked account recovery
  2. lost password recovery
  3. reversal of unauthorized transfers detected within 3 days

These kinds of features are technically possible on turing complete smart contract platforms such as Ethereum, but as of this writing no existing Ethereum wallets implement this logic.

Ease of Use Trumps Security

When it comes to the masses of people, ease of use is critical. Sometimes making things “harder to use but technically more secure” actually makes things practically less secure. An example is requiring people to change passwords every week results in users writing their password on a sticky note stuck on the monitor.

For the vast majority of Bitcoin and Bank users an insecure website with a password remembered by the browser is the appropriate level of ease of use.

The typical approach of increasing security at the expense of ease of use is a fools errand. Instead what is required is to increase ease of use and then offer solutions to mitigate damage and recover from the inevitable breaches that do occur.

Private Keys are Fences not Impenetrable Security

It is common knowledge known by military and preppers that an unwatched fence provides no security. Any security offered by a fence depends entirely on its ability to delay an attacker while the people inside the fence wake up and prepare to take positive actions to defend themselves. The more time a fence buys the defenders, the greater the probability that the attacker will be repelled.

Properly used a private key is a fence. Every use of the key must be monitored. There must be time to respond to unauthorized use or the fence is pointless because when it is eventually breached, you have already lost.

Sort:  

Why this article is wrong.

  1. Bank money cannot be printed, or even etched into a metal plate, and stored in a small fireproof container, where nobody knows about it. There is just no comparison between a bank and this particular method of securing the private key of a bitcoin wallet. period
  2. Right now, there is a lot of risk with keeping the wallet on your computer, more than a few incidents of people losing them from wallets stored on their pc, I think even the unlock password was grabbed by a keylogger. Should it have to be stated, that you should not trust Windows with your bitcoins? Really?
  3. While those silly people at Bitfinex may have lost some 1200BTC that were attached to Bitgo accounts, the jury is far from out and the investigation such a collossal theft should have prompted, and the indefinite closure of the exchange, has not happened.
  4. Most exchanges, use cold storage, the keys holding the unlock to spend the bitcoins they are holding in trust for you, as account holder, cannot be breached except physically, and there is serious security around the places where this storage is being done.
  5. Simply, if you are running a secure operating system, with encrypted storage where you keep your keys, and substantial user passwords for blocking remote access to your account if they happen to breach some open service you didn't know was vulnerable, they still can't get at your wallet file. And then, if you have any sense, you have it encrypted with a password as well.

The biggest insecurity in bitcoin is the price volatility, and this is a natural function of its small market capitalisation and contentious development millieu. Double spend attacks, hardware wallets, printed and etched, wallet keys, I mean, seriously, if you make the effort, and don't need to spend the coins on a regular basis, you don't get much safer.

When I was first getting involved with bitcoin, in 2013, I mean, right then and there, the Cyprus government froze everyone's bank accounts. Do you think that this is really secure?

None of the fatal issues with the global financial system after 2007 were really addressed. Almost nobody thinks that within 12 months there is not going to be a serious issue with money in the bank.

But I will say one thing. Longer term, I think that money will turn out to be better secured by systems like the one Steem uses, or what Ethereum can potentially enable.

Nothing is more secure than cryptography, nothing in this whole world. That's the main reason why there is so much of a buzz around blockchain technology.

I don't think the point of the article was that the banking system does not have all the issues related to the global financial system and fiat currencies. The author is not really denying that. What the author is basically saying that 99% of the users out there are incapable of using the security of Bitcoins properly, and hence it invalidates the security benefit that they offer. Sure, if you are a smart user who knows how to properly secure your Bitcoins in a cold wallet, and will not lose your private keys - you are fine. For anyone who has helped a technology illiterate parent/grandparent try to use an iPhone though, imagine trying to get them to handle their Bitcoin security correctly.

You make very valid points but I take issue with the statement 'bank money cannot be printed'. A paper wallet in bitcoin is almost analogous to that of bank notes. I could draw a picture of Dorian Nakamoto and write 5 mBTC and put a private public key pair on it and fund that public key. Then hide that note somewhere. Is it really that different from taking a five dollar bill and hiding it somewhere?

this article is a joke. author should read up on trezor / other hw wallets before jumping to lengthy conclusions. much safer than any bank could ever be.

@bitcoindoom As horrible as the banks are, you do make a lot of valid points. IMO Bitcoin is a major evolution in fiat (by decree) currency. And yes, it definitely has a long way to go concerning the points you mentioned, and ease of use by the general (zombie) public.

The major problem with government fiat currencies is that they are guaranteed to "safely" lose value over time through inflation. Whereas Bitcoin has a lot of risks and it's given people many rewards.

Enjoyed your article :)

My counterpoint is that you want those things to happen in banks USING money. I don't want them to be in my money-system itself. I don't want to be affraid someone can turn their payment to me back. The hacked things are exchanges, which is about as safe as any place where money is exchanged. Thefts happen a lot there with or without Bitcoin, we just don't here about it. People try to make a point that Bitcoin is not secure, to either scare people away, or worse, to cripple bitcoin by building in loopholes going against its principles that make it worth having bitcoin in the first place. Don't confuse a bitcoin bank with bitcoin itself. Bitcoin itself is as safe as it can be, and similar attacks on security happen ALL THE TIME with the banking system, often with even less traces or no traces at all, while Bitcoin has all tracks there and provides a view on catching the thiefs.

At least with bitcoin, your money can't be frozen and bailed in by insolvent, irresponsible banks. That puts it way ahead in the current situation.

You're right. Most of the thefts have occurred from exchange which is again a 3rd party. Hacking bitcoin wallet even with exposed public key is close to impossible.

I've thought a lot about what might eventually drive a significant number of Americans into Bitcoin and 'ease of use + security' will grease the way, but I think more likely it will be the accelerating reality of inflation and zero/negative interest rates on their savings and pensions that will drive people to Bitcoin in spite of the lack of ease-of-use.

Bitcoin security is just a computer science problem to solve, and engineers live for that sort of thing. My first PC the TRS-80 was friggin' primitive compared to my new Galaxy Note 7 and in 10 years I suspect cryptocurrency use will be quite easy and secure.

In short , Bitcoin offers a way to preserve wealth and interact in an increasingly online world, and don't forget, for the first time, we have a viable way to opt-out into a less corrupted system.

Loading...

Just to be clear. You are not arguing the doom of bitcoin, but the problems with the storage of it - banks vs. wallets. Your arguments are valid, but it is easy to compare a system which matured over hundreds of years with one which is not ten years old. Whatever is happening now with hacking and losing crypto coins are part of the process to mature. For you to assume that crypto must take on the same mature form which worked for fiat banks is wrong. Whatever a mature crypto banking system will be, time will teach us. But I am very sure that when it is mature, it will be superior to the fiat banking system.

The biggest flaw of the banking system, that arose in the middle ages, is its centralisation. While it is true that it is convenient and cheaper to defend all the eggs in one basket, it also means that you can win big if you violate that basket. Cryptocurrencies enable people to dial up or down the centralisation of their financial security according to their needs and risk appetite. Just as it was not so long ago that bank robberies were a common occurance, and really, even now, with electronic banking, the robbers have just moved online. They represent the essence of the problem with the old established banking system. Cryptocurrencies allow the dispersion of the assets in such a way that the big rewards of bank robbery become diminished.

Over time this decentralisation of security will increase. Computers enable the security to be automatically performed by software agents, and simple protocols that do not require advanced training, the training is built into the software. Ultimately cryptocurrencies will lead to everyone being their own bank, because there is no benefit to trusting anyone to protect it, when the cost of individuals protecting their assets falls to zero, where previously, it was much higher.

And that my friend, is what the financial world fears the most. If each person can take care of their own banking needs, they cannot extract value from the value creators anymore!

@bitcoindoom

You are using a false analogy but I upvoted because you make some very valid points.

It depends on the situation. For example in Cyprus they got a haircut, literally their money being stolen. Also, there are online services today, that serve as banks. You are talking more about the old days of crypto

Wasn't bitfinex just "hacked" because they didn't use the multi-sig service of a 3rd party properly?

@dantheman

I wasn't actually having bitfinex and similar corner-booth exchanges in mind but rather trusted merchants like coinbase and kraken. Let's face it. You can store your money in a Swiss bank and you can also store it in a Botswanan' one.

"Banks" covers a very wide spectrum. Like I said above. It depends on the situation.

I actually pull out all my funds when Bitfinex required me to use google auth or Bitgo as and 'extra measure' of security. I found my self having to confirm things 6 times - then use google.
To me? If someone has access to my email and can read the texts confirmations that com in on my sip account, then they deserve my Bitfinex withdrawal. Ether way. I got out before hand on MtGox, Bitstamp and Bitfinex.

I think it makes no sense to compare currencies with banks but with any other currency like the dollar. In my opinion, save money ( bitcoin , dollar , gold, etc. ) in the bank will always be safer to keep at home.

time to reinvent genetic passwords

wellcome my art
https://steemit.com/art/@romanskv/watercolor-sketches

It is odd that you rate users responsibility for how secure a system is. User responsibility is NOT how secure a system is.

I think Bitcoins transparency with regards to transaction that's occur on the blockchain is one of the key reasons banks wont incorporate bitcoin in to their systems. Banks and clients both rely on privacy of data over transactions made to keep certain types of information secret. That information is only shared with the people concerned. For example Apple wouldn't want a transaction sent to a parts supplier to be disclosed as it might cause a leak in sensitive data revealing their future plans. This in my opinion is the one reason banks would never employ a public chain for transacting. They are however using blockchain technology to create private chains that would give it the features of the blockchain that are so revolutionary whilst tweaking it to solve some of the problems you mentioned in the article.
The one thing i can say about the security aspect of Bitcoin is that whilst it maybe be insecure for individuals, atleast if there was a hack only the hacked accounts would be compromised as compared to an entire system being hacked and a lot of data being stolen. Its harder to hack 10,000 computers individually than it is to hack 1 central system. Thus a Mr. Robot type financial meltdown would be less likely to a financial system when dealing with Bitcoin.

This is why what the https://z.cash/ project is about and why it will become very important. All the media chatter about bitcoin relating to the deep web markets ignorantly plays up something that just isn't true about bitcoin in the first place, although it can be very easy to obscure the route of money flow. But for corporate business, and why banks are important for business, is precisely this concealment of transaction pathways. In fact, it is an impediment that zcash will help remove from businesses dealing only in cryptocurrency. Criminals may need to 'launder' their money but companies also need to keep this kind of thing confidential just the same.

I think this is a poor analogy. Holding money in a bank would be like holding bitcoin on an exchange. You don't have a private key and it basically acts like any normal bank would. You can get your password recovered or reset just like any normal bank and they are now starting to become FDIC insured as well.

Holding bitcoin in your own private wallet or in cold storage would be like hiding cash at your home or burying gold in your backyard.

Saying that banks are more secure than bitcoin is not the correct way of looking at things. IMO it's the same as saying banks are more secure than USD... it doesn't make sense. Banks are just a tool for traditional currency and they will also be used for bitcoin.