I've been wrestling with the obstacles that I see to mass adoption of bitcoin. Some, such as merchant adoption and software tools to make BTC more accessible, are being solved little by little every day. But I'm struggling with what I perceive may be a security paradox with Bitcoin. In fairness, it is probably inherent to other online transaction systems such as for fiat as well. But it is more severe for cryptocurrency because there is no centralized authority, no 1-800 phone # you can call when things go wrong.
The basic issue I'd like to resolve is: How do you make BTC so safe and secure that over a person's lifetime they never experience (A) theft or (B) loss of some or all of their BTC holdings? By "loss" I mean losing access to your BTC permanently due to lost wallets or passwords with no chance of recovery. The possibility of loss due to mis-addressing a BTC payment is a separate issue I'll leave alone for now.
Ideally we'd like to get BTC security to the point where it is virtually impossible to permanently lose BTC or have them stolen from an account, on the same level of confidence that we have in SHA vs. password hacking, for example.
Problem is, the dual issues of BTC loss and BTC theft are mitigated by countermeasures that largely contradict one another:
1. To prevent accidental loss, a person should keep multiple copies of their passwords and/or wallets in secured locations where there is minimal risk of them being lost, thrown away, burned to a fiery crisp, etc. Multisig should be avoided to prevent the risk that any one signature authority is lost (for any reason), preventing access to the account.
2. But to prevent theft, a person should minimize deploying copies of their passwords and/or wallets to multiple locations, multiplying opportunities for theft to occur. Multisig should be used to block theft in cases where one password is compromised.
3. Just to compound the challenge, for BTC to reach mainstream adoption, complexity must be avoided. So a solution that prevents both theft and loss, ideally, should also avoid complexity.
For example, as a best practice I might recommend using a multisig account requiring 3 approvals/passwords. Then store Password A on my computer with backups on DVD and my brother's computer in another state. Password B is on my cell phone, with backups in my wife's cell phone and a secured cloud storage account. And Password C is on a paper certificate in a safe in my house, with hardcopies at my mother's house in a 3rd state and a safe deposit box. This _might_ be robust enough versus theft and loss, but would be a pain to implement and maintain. Especially for everyday use.
So who has a solution to this conundrum? One that really would be reliable over the events of a person's lifetime and all manner of disasters (war, fire, economic collapse and so forth)?
I don't like the idea of centralized authorities for currency in principle, but more and more I'm leaning to the idea that there will necessarily be "bitcoin banks" who take on the complexity of securing bitcoin funds in exchange for a fee. Someone you can call after your dog pees on your computer the same day your brother's house goes up in flames and you realize your kids have been using your backup DVDs as frisbees.
Of course with bitcoin you can still be your own bank if you make the effort, and I think that is essential. But I'm thinking it may be the exception rather than the norm over the long run, and that we will have too many horror stories from BYOB people who didn't think through their own security from a decades-long perspective.
Flame away! :-)
************************
Excellent comments below; summary (to date, 2/23/15) of best practices in post #27:
https://bitcointalksearch.org/topic/m.10555369
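A quantitative sketch of the loss-vs-theft tension in points 1, 2 and the 3-password example above, added here as an illustration; it is not part of the original post or any wallet's code. It assumes a deliberately simple independent-failure model: each stored copy of a key is permanently lost with probability p_copy_lost and compromised with probability p_copy_stolen over some period, independently of every other copy; a key is lost only when all its copies are lost and compromised when any copy is; a k-of-n multisig wallet loses funds when fewer than k keys survive and has them stolen when an attacker holds at least k keys. The function names, the scheme list and the per-copy probabilities (0.10 and 0.01) are constructed for the example and are not measurements.

```python
from math import comb


def key_loss_prob(p_copy_lost: float, copies: int) -> float:
    """A key is permanently lost only if every one of its copies is lost (assumed independent)."""
    return p_copy_lost ** copies


def key_theft_prob(p_copy_stolen: float, copies: int) -> float:
    """A key is compromised if any one of its copies is compromised (assumed independent)."""
    return 1.0 - (1.0 - p_copy_stolen) ** copies


def at_least(m: int, n: int, p: float) -> float:
    """P(at least m of n independent events occur, each with probability p)."""
    return sum(comb(n, j) * p ** j * (1.0 - p) ** (n - j) for j in range(m, n + 1))


def wallet_risk(k: int, n: int, copies: int, p_copy_lost: float, p_copy_stolen: float):
    """Return (P(funds lost), P(funds stolen)) for a k-of-n multisig wallet
    whose n keys are each stored as `copies` independent copies.
    k = n = 1 models a plain single-key wallet."""
    if not (1 <= k <= n) or copies < 1:
        raise ValueError("need 1 <= k <= n and copies >= 1")
    p_key_lost = key_loss_prob(p_copy_lost, copies)
    p_key_stolen = key_theft_prob(p_copy_stolen, copies)
    # Funds are lost when fewer than k keys survive, i.e. at least n-k+1 keys are lost.
    p_loss = at_least(n - k + 1, n, p_key_lost)
    # Funds are stolen when an attacker has collected at least k keys.
    p_theft = at_least(k, n, p_key_stolen)
    return p_loss, p_theft


# Constructed per-copy probabilities, illustrative only (not measured figures).
P_COPY_LOST = 0.10
P_COPY_STOLEN = 0.01

# (k, n, copies per key). The last entry is the 3-password layout from the post:
# three keys, all required, each stored in three places.
SCHEMES = {
    "single key, one copy":      (1, 1, 1),
    "single key, three copies":  (1, 1, 3),
    "2-of-3, one copy each":     (2, 3, 1),
    "2-of-3, two copies each":   (2, 3, 2),
    "3-of-3, three copies each": (3, 3, 3),
}


def compare_schemes(p_copy_lost: float = P_COPY_LOST, p_copy_stolen: float = P_COPY_STOLEN):
    """Evaluate every scheme in SCHEMES under the same per-copy probabilities."""
    return {name: wallet_risk(k, n, c, p_copy_lost, p_copy_stolen)
            for name, (k, n, c) in SCHEMES.items()}


if __name__ == "__main__":
    print(f"{'scheme':28s} {'P(loss)':>10s} {'P(theft)':>10s}")
    for name, (p_loss, p_theft) in compare_schemes().items():
        print(f"{name:28s} {p_loss:10.2e} {p_theft:10.2e}")
```

Running it shows the two countermeasures pulling against each other exactly as points 1 and 2 describe: for a single key, every extra copy divides the loss probability by ten but roughly adds another 1% to the theft probability, and for a fixed number of copies raising the threshold k lowers theft while raising loss. The model's independence assumption is its main weakness, and it is the one the post's geographic spread is meant to address: a single fire or a single compromised household takes out several copies at once, so correlated locations should be counted as one copy, not several.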