[AUDIENCE] Hey, Andreas.
Thank you so much for everything that you’ve done
for the Bitcoin community and open blockchains.
My question is, how secure is Google Authenticator?
Can they hack [your wallet] as a middleman? Thank you.
[ANDREAS] That is a great question. Google Authenticator is a
one-time password, two-factor authentication system…
that has a security key installed on your phone.
How secure that is depends
on how secure the phone is.
If you put Google Authenticator on an Android 5.0
phone that doesn’t have a hardware security module,
or as it is called in Apple terms the Secure Element,
then that key is floating around in memory.
Other applications that you may have downloaded
and allowed far too wide permissions…
can reach into the memory, pull that private key,
and then they have your second factor.
You hear all of that and… this is exactly the problem
with the point at which a regular user says,
“Well, screw that! I’m not using two-factor then.
I will just use one factor because clearly…
as Andreas just said, this Google Authenticator
(in one obscure scenario) could be compromised.”
The truth is, using [two-factor authentication] will make you thousands of times more secure than not using it.
The alternative is doing something else like
SMS two-factor, which is far more vulnerable.
Most people have devices that are quite secure.
Smartphones nowadays are quite robust
devices, they’re not as easy to hack.
Your smartphone is probably the most secure device
you have, [enough] to store keys for small amounts.
Having two-factor versus not having two-factor is the
[choice here]. Yes, there are obscure vulnerabilities.
Better yet, use a hardware one-time password two-factor
device, like YubiKey. Google is [also] making one.
These are hardware devices that store signing keys.
My laptop has [one of these things plugged in] on
the edge, I just have to tap it when I want to log in.
That is better than [Google Authenticator], but both
of those solutions are thousands of times better…
than not [using two-factor authentication].
That is really the calculation you need to think about.
[AUDIENCE] My name is Karen. The project I work on
is out in border towns and frontier markets.
Some of the places we [work in] are tough.
One of the things we are running up [against] is the
complete lack of affordable hardware security.
We know of people in the space who are working
on this, but sub-$10 cards don’t exist [right now].
Even then, on-boarding merchants who are
fairly sophisticated, that use feature phones…
with SIM cards for online banking,
but they still can’t access credit…
This is the kind of security thing that
I deal with, day-in and day-out.
[ANDREAS] Absolutely. The simple answer is,
you have to wait. We’re not ready for that yet.
That doesn’t mean it’s not coming.
Judging the technology or the market by what is
available today misses the evolution of this technology.
We’re talking about a technology that, like
many others, is affected by Moore’s Law;
affected by exponential trends in development, interaction between multiple different projects,
that all push together in lowering the cost
of electronics and consumer devices.
If you miss that point, you will judge it the wrong way.
In the early ’90s, if you looked at who owned
cellphones, when they were the size of a suitcase…
I had a cell phone in 1991, it was big [with an antenna],
and the battery lasted for an awesome fifteen minutes.
I had it because my job paid for it, [otherwise]
I can guarantee you I couldn’t afford it.
The only people I knew who had
cellphones at the time were millionaires.
What’s ironic is, if you had [judged]
cellphones at that time, you would think,
‘This tool isn’t helping the people who need help!’
But this tool will cost ten dollars in twenty years.
In fact, it goes from being a status symbol
of the rich to being the exact opposite:
the status symbol today, if you’re rich enough,
is that you don’t have a cellphone.
You have a secretary carrying a cellphone next to you.
Rich people don’t wear Bluetooth headsets.
That is the transition of technology, from ultra-exclusive
to ultra-available for everyone, with a drop in price.
The first hardware wallet I bought? I paid a bitcoin for it.
[ALENA] Thank you! [ANDREAS] You’re welcome, Alena.
[Laughter] It was worth it.
But that’s not the price at which we
[will] take this market mainstream.
There are some hardware wallets that are dropping
in price, to $20 or $30. I hope we’ll see more of those.
[AUDIENCE] My question is a little bit different.
It is related to the architecture. [ANDREAS] Please.
[AUDIENCE] Earlier this year in January, the
Meltdown and Spectre vulnerabilities came up.
Computer researchers and scientists found flaws in
processors and the ability to secure the enclave.
[AUDIENCE] If we look at the price of crypto-coins,
at that [time] they plunged into a ‘Dotcom’-like crisis.
My question is, do you believe that we need to solve
computing insecurity with trusted entities…
and shared environments, before we will come out
with architecture for business-to-business (B2B)?
[ANDREAS] Yes, that is a good question. Trusted
execution environments allow us to trust that…
our own computer is not [being hacked] while
we are using it. I don’t trust my own computer.
Fortunately, the most effective solutions with
cryptocurrencies are low-tech and offline,
such as storing back-up seeds with English words.
Before we had [mnemonic seeds], we used
paper wallets. Now we have hardware wallets.
While the hardware wallets may have problems
with the trusted execution environment,
they interact with the outside world (i.e. your laptop)
through a very narrow, well-defined channel.
Usually a USB-Serial channel,
which has a very specific protocol.
It is difficult, without [physical] access to
the hardware, to compromise it remotely.
[For the most part], we don’t need a
fully trusted execution environment…
to deliver high levels of security and
privacy on peer-to-peer networks.
Fortunately, not [yet].