“As you grow these things, you become a victim of your own growth momentum,” says Fadell, who developed Ledger Stacks, a signature tool to secure digital assets, and is now a board member at the digital asset security firm Ledger. “If you introduced these features and functions without proper review, and now customers are demanding security, you’ll realize you should have designed it differently from the start, and it’s much harder to undo what you’ve already done.”
However, ease of use should also be an important part of designing secure technology. Without it, users can easily make mistakes or adopt unsafe workarounds that weaken device security. Think of a Post-it note stuck to a monitor, or some variation of “123456” or “admin” for the password.
With digital asset security tools such as signers, commonly called “wallets,” such errors can have seriously harmful consequences. For example, if a user’s private key falls into the wrong hands, bad actors can use it to steal their digital assets. Estimates suggest that about 20% of all Bitcoin – worth about $355 billion – is inaccessible to owners. One reason for this is probably that they have lost their private keys.
In the past, crypto tools have been extremely difficult to access. As cryptocurrencies become more popular, valuable, and mainstream – attracting more attention from criminals as the stakes increase – designers and engineers are prioritizing both security and usability when developing digital asset tools, insisting on thorough research.
Three components of security
Strong security models for tools like signers, which are used to secure blockchain transactions, require three key components: first, a secure operating system; second, a secure element to bind software to hardware; and third, a secure user interface. Each of these needs to be tested repeatedly by researchers and white hat hackers to simulate real-world attacks and improve product resilience and usability.
The first two elements focus on securing device software and hardware. Secure software has always been a problem, but it has improved over the past decade, as security architectures and processes have been refined. Meanwhile, hardware security components have become widely available – from trusted platform modules on computers to secure enclaves in smartphones – allowing digital information to essentially be locked to a single device.
For crypto signers, the hardware must provide encryption capabilities. And the security of the software must be tested frequently. For example, Ledger has a secure OS and a secure element that handles encryption primitives, and a secure display that prevents takeover of the device.
Security and usability working hand in hand
Property recovery is a major consideration when designing signers. If recovery options are not easy to access, the owner may lose access. But if recovery procedures are not secure enough, attackers can exploit the system. For example, with SIM swapping attacks, attackers can tap into the mobile communications channel used for account recovery and “recover” the victim’s password to steal his or her assets.