Topic: Biometric BTC wallet? (Read 832 times)

But you didn't answer @keychainX question.

Their wallet is only partially open source (specifically only their threshold cryptography code) and backup file only can be read by ZenGo wallet.
The wallet don't have option to backup private key, seed or mnemonic phrase which encrypted with user chosen password or Face/Touch ID.

Read here - https://zengo.com/security/ to know more about Zengo Keyless security. There is no point in discussing here about how Zengo works? Anyone can give any suggestions but before using any wallets, one should do a lot of research about that, check their reviews and then only they should use it.

So this keyless wallet, what happens if Zengo goes away, where are my keys?

It is not cut and paste, it is the definition of the wallet in my words.

I saw this thread and searched about Biometric BTC wallet and found these wallets.

I am not sure how safe is this wallet, as I have not used these wallets. It was just a suggestion.

How did you find this wallet?

According to the whois, the domain of zengo was registered 1999(Such a good domain)

So how safe this wallet is?

And I found that the domain wayback/history this website is not yet alive until april they have a representative here on the forum but they are not active. You can check their profile here https://bitcointalksearch.org/user/zengo-2568273

So how safe is this wallet?

Seriously, cut n paste from zengo website

your security is distributed between your device and ZenGo servers

No ZenGo, Not your coins....

I know Zengo wallet provides Biometric 3D Face Authentication and D’CENT Biometric hardware wallet provides Fingerprint Biometric Authentication.

• Zengo is the first Keyless Crypto wallet that as no Private keys. It has distributed security between our wallet and ZenGo servers. Even if the wallet is lost or hacked, our assets are safe.

• D’CENT Biometric hardware wallet has built in fingerprint scanner which acts as an additional security for accessing wallet.

---

Source: https://zengo.com/
https://dcentwallet.com/overview/specification.html

Could you elaborate please, it seems like an interesting idea.

Thats why you probably would salt it with additional data

So has anyone read the ZoOm white papers? What do you all think of it? It passed all these security tests.
https://www.zoomlogin.com/#page-blk-white-papers

The problem with Adroid or IOS is that it does not let you read the data from a finger or face, the phone only let the app confirm the submitted lock finger/face match the touching finger/face. Which means a rooted phone could be hacked if the android or OSX is "modified"

Then there is always problem with the backup phrase, or if someone has an accident and looses a hand, what then?

I started a thread about another biometric wallet, ZenGo, and I was informed about this thread here where more people are involved. Here are the posts so far and I'm curious what you computer experts think of this new wallet:

A few weeks ago I heard a podcast with Anthony Pompliano and the founder of ZenGo, which uses ZoOm, a facial recognition security app to secure Bitcoin. I’ve had a couple of discussions with Ouriel Ohayon from ZenGo about the benefits of ZenGo over Ledger. In comparison, Ledger already seems antiquated but has ZenGo been vetted enough to trust that ZenGo is secure? Since ZenGo uses ZoOm I can see how one party would blame the other party if hacking were to occur. I am not a security expert. What do you all think of ZenGo?


There's a discussion about using biometrics to secure your wallet here: Biometric BTC wallet?
The TL;DR is that it is generally a bad idea as it is far more easily broken than a strong password or passphrase.

In terms of the ZenGo itself, I've not heard of it before, but I've had a quick poke around their website. There are a couple of things which give me some concern.

Firstly is that they extensively use cloud servers for back up. Both the client share on your phone, and their server share which they store, are backed up to the cloud. You don't need me to tell you how poor cloud security generally is - you can do a simple web search and see story after story of cloud servers being hacked.

Secondly is their recovery mechanism. If they go out of business, then they have an escrow who will release a master decryption key so all users can still access their private keys and therefore their coins. That's great, but it means there exists a single point of failure for their entire system - the master decryption key. This has been created and transferred to an escrow. We have no idea how many copies of it exist, how many computer systems it has been on, how many people have had access to it, or how good the security currently protecting it is. It's a massive vector of attack, as if someone gains access to it, they can potentially gain access to every coin held by every owner of one of these devices (and as we said above, with all the back ups being stored on the cloud, this is a real concern).

@o_e_l_e_o

Thank you for your input. Wow, I am glad I did not move my coins to ZenGo yet. I am not technologically minded so I need to rely on you experts here. I don't feel comfortable leaving my Bitcoin on Coinbase and using a Ledger with a 24 word seed phrase just seems antiquated, like I said before. Is this really state-of-the-art? Also, like I said before ZenGo uses ZoOm facial recognition. I am not sure that ZoOm is equivalent to the biometrics in your link. Can you check out the white papers on ZoOm and let me know what you think?

https://www.zoomlogin.com/#page-blk-white-papers

Most likely you are talking about phone lock. Almost all new Android phone coming on markets with fingerprint feature. It can't be compare with Biometric wallet. If there is Biometric wallet then it should be attached individually for each wallet (not with phone)

That's what I was talking about. Not only risk, there would high risk.

Of curse there was detection problem. And what will happen if this detection problems occurs during your transaction on Biometric wallet? You will not able to make transaction when you need.

The wallets that you mention above basically use 'TouchID' (fingerprint authentication).


I'm pretty sure the failures that you see is not because of connection problems but detection problems. Either the base data that was used to check is faulty, or your log-in process has issues. Some machines can't do their job if you have too much sweat on your finger, for example. Better tell your company to buy a new one. My sister is having the same problem with her office check-in mechanism, and I can say for sure that the device does not need the internet. The fingerprints data are stored offline.

Well to be on topic rather than discuss the advantages/disavantages of biometric over pin or password...

The wallets i have used so far that have the feature you are looking for;
- Coinomi Mobile uses Finger Print ID
- imToken 2.0 Mobile Version uses finger Print ID

Pin is usually the default option, you have to set up the Finger print ID after creating the wallet.

Yes, that's the disadvantage. Another thing is, if Biomaterics failed to connect server. It has been happend on real life. Currently I am working abroad and I have to give fingerprints or face to the machine. Means company collecting attendance by a face/fingerprints machine. So some machines not recognized to me. Fingerprints was not working sometimes even face. So I had to inform authority directly. So if this happen for Biomateric wallet then it would be very hard to move your fund. You might not able to make transaction when you need and you should contact support regarding your issue.

I get that, but personally I'd feel pretty secure since nobody I know knows I'd have any crypto on a hardware wallet (or phone, which I don't).  The chances of me getting forced at gunpoint to access my crypto is very remote.  Yeah, anything could happen but chances are I wouldn't run into a situation like that.  It would be much more likely I'd lose my wallet, in which case a fingerprint-dependent login would be extremely useful.

I wasn't even aware that biometric flash drives are being made.  I happened to come across some for sale on Amazon when I was looking for a flash drive that could be encrypted.  I think it'd be an awesome idea for Ledger or one of the other manufacturers to make a wallet with this technology.  Sure, things can go wrong....but they can always go wrong anyway.

I get your point and I respect it fully.  But I'd still like the fingerprint tech to be applied to hardware wallets for those who'd want them.  I'd sure be interested in something like that.

There will definitely be people who use the faceid or touchid but I'm sure that faceid/biometric kind of wallet are mostly used by the Chinese. With that been said, I totally don't support such platform because the system will be abuse sooner or later even if it was created by a private or decentralized company.

Getting password from users brain is much harder than getting users finger print or retina match. That's why most crypto wallet users keep their trust on password based security rather than finger print or retina scan. Maybe some guys think that its better to continue with modern worlds invention but sometime its better to follow old fashioned way to keep us safer from unexpected attacks.

Wallet security system is always far different than our mobile phone or another devices.

 

Both of those features work but how good and precise are they, that is the real question!
Have a look at what can happen in a real life example from my above post: https://bitcointalksearch.org/topic/m.52384156

Besides, your fingerprints might change or lose quality due to an accident involving fire or boiling water. How are you going to get to your assets if the system doesn't accept your fingerprint anymore?

A biometric wallet is just too big of a risk if you ask me.