Topic: Are normal people are too careless to secure their own bitcoin wallets? (Read 605 times)

I like what DeathandTaxes said about dedicated hardware wallets. Two-factor authentication is good, but you still have to trust the third-party "bank" not to let their server fail.

But the bottom line is that I think most people will be too lazy/careless to really think hard about security, even if others made it easy. Nowadays, it's cheap and easy to use a long, random password, but most people are just too lazy to do it.

My thoughts: People would be better off keeping most of their money in fiat in the bank and then pay a third party a small fee to do transactions in BTC on their behalf. So if a Kenyan living in China wants to send a 10,000 RMB remittance back to Kenya, he can go to Eastern Union Bitcoin, Inc. and hand over the 10,000 RMB. Eastern Union Bitcoin, Inc. will do all the BTC buying/selling and currency conversion from RMB to USD and then hand the money over to the Kenyan's Bitcoin-illiterate, bank account-less family members for a fee much less than Western Union's free.

In this way, Bitcoin gets used, but people who aren't ready to handle their own security can still use the fiat system they are used to. Same thing with this Bitcoin ETF. People can invest in bitcoin without having to really get into the nitty gritty. I think bitcoin, if it becomes successful, is going to be like the linux/unix of currency. It'll be operating in the background where and when it makes sense to use it, but the vast majority of users will not be directly working with it for ordinary transactions. They'll interface with BTC through layers of software and 3rd parties in the same way that we all send information through linux-based operating systems on workstations/servers/routers/phones every day but maybe only 1% of us actually run linux on purpose.

As with anything computer-related, bitcoin security is only as high as your own personal habits.  A lot of people have no clue when it comes to security, and they are the ones liekly to get bitten.  The problem comes from high-tech 'toys' that 90% of people don't really understand fully, but 'have-to-have' since everyone else does.  Bitcoin is the new fad, so the Paris Hiltons of the world will flock to it until they space out and lose their keys or get bored and run to the next thing in line.

Normal people are too careless to secure their own wallets and it will need to be handled by a trusted source.

If "Neither option seems great", then what do you propose?

We can educate users, but I think this will be harder to do.

Bitcoin is still in its infancy.

If bitcoin ever makes it to mainstream use, I fully expect to see audited, regulated, insured, bitcoin banks.

Simple answer is yes, however like most problems it can be solved with technology.

Just some ideas (hardly exhaustive) to get your mind thinking:

Hardware wallets will make it possible to be significantly more secure even among foolish users.  The main attack vector to any theft is access to the private key.  If we assume that general purpose computers are simply too hard for average user to secure properly then logically the private key shouldn't ever (not even for a millisecond) be on the GP-PC.  Instead we move the private keys to a dedicated hardware wallet with independent display and keypad.  The DHW can rely on a GP-PC for connectivity to the network but all signing of transactions is internal to the device.  Hackers can't steal what they don't have access to.
 
Another route would be multi-sig wallets.  There would use two (or more) devices to partially sign transactions.  It would take multiple signatures to authenticate a transaction.  So you spend from your high value saving's wallet on your home computer and it is half signed by your home computer wallet.  On a server somewhere a watching wallet sees the half signed transactions and sends the details to your smartphone.  A notice appears on your smatphone showing the time, amount, IP address, Bitcoin receiving address, etc.  If authorized you ok it and your smartphone provides the second required signature. For the sufficiently paranoid given a large enough market I could see development of dedicated hardware signing devices with independent WWAN connectivity.

Eventually you will likely see Multi-sig banks/eWallets.  Imagine an entity that simply can't spend/steal your money without your permission.  The added advantage is if a merchant trusts the bank/wallet to not double spend they can accept 0-confirm transactions.  It is far easier for a merchant to trust a handful of well known entities then to trust thousands or millions of semi-anonymous customers.

How often do people lose very important information on computers or get it stolen out of carelessness? People don't want to be securing their own wallets and being their own bankers. They won't trust themselves to personally handle security of their bitcoins.

Nor will most people trust handing over 10,000+ dollars to some "online wallet" that promises not to run off with your unrecoverable, uninsured savings.

And can you imagine how hard hackers will work to design viruses to find and steal private keys once bitcoins become more popular? In a world with billions of dollars of bitcoins sitting on computers, those viruses will be everywhere.

Bitcoin requires you to either a) be very meticulous and responsible with security (i.e. securing a long, randomized password, taking precautions against keyloggers, setting up multiple wallets or b) trust your security to someone else based on reputation and webs of trust. Neither option seems great.