The bitcoin boom has awakened the mainstream masses to cryptocurrency speculation or investing, depending on your perspective. Thanks to public exchanges like Coinbase, the hacker-nature of bitcoin is polished into something more akin to a smooth, consumer-facing tech company.
In fact, that’s how Coinbase initially billed itself, as the “Gmail for digital currency.” But while bitcoin may be ready for mainstream adoption with these exchanges, are mainstream consumers really ready? If people’s digital security habits are anything to go by, the answer is probably no.
It takes a fair amount of sophistication to deal with bitcoin, security-wise. Polished as it might be thanks to a smooth user interface, useful banking partnerships, and FDIC and private insurance, there is only so much even a unicorn like Coinbase — or a major bank or tech giant — can do to tame bitcoin, though an exchange can insure or transfer risk. By design, it is a wild thing, capable of operating without third parties, central banks, or governments. It has no master or authority.
One of the most critical things about this feature, in practice, is that a fraudulent transaction cannot be reversed. With a bank, if someone manages to get into your account and steal your money, you have recourse. With bitcoin, you could be completely screwed.
How safe is your bitcoin?
This has reared its ugly head before. As Jen Wieczner’s excellent Fortune story noted in August, very savvy people have had their bitcoins poached from accounts that they had assumed were secure, even when they had two-factor authentication (2FA).
In one horrifying case, an artificial intelligence startup’s CEO got a call from T-Mobile to confirm his phone number was being swapped to a new device. Before he could do anything, he watched his accounts drain from Coinbase.
There are many horror stories like this one.
And if it can happen to an AI CEO — whose account had 2FA — what does that mean for your dentist who informed you that he’s “getting a little into this bitcoin-crypto thing”?
Bitcoin was nurtured by tech enthusiasts who believed in the project and understood its stakes, its inner workings and security risks. This is changing. Emails, questions, and survey answers Yahoo Finance is receiving, as well as Coinbase signup increases, show that “civilians” are coming in droves. So much so that Coinbase’s CEO Brian Anderson recently put up a blog post imploring users to “please invest responsibly.”
Your password is bad, and your 2FA may be false security
Most people do not exhibit great digital security practices. According to a recent survey from EPC Group, a consulting firm, 11% have been using the same password for seven or more years. Almost two-thirds of Americans include personal details in their passwords. When asked how often they change their password, “only when the site requires me to do so” won by an enormous margin.
Some people do use 2FA, but most people don’t. According to data from Duo, an authentication provider, only 28% of people use it — and the majority started because they were required to. A joint study between Johns Hopkins University and the University of Maryland found 45% of people used it sometimes.
Banks and financial services providers provide 2FA across the board, but not everyone uses it since it’s not always required. The methods people do use may not be very secure: phone-porting schemes can hijack someone’s phone and compromise the system. People’s phone numbers are, generally, publicly accessible.
Coinbase has had problems with this in the past, which is likely why its CEO recently asked users to “please migrate from SMS two factor to Google Authenticator to enhance the security on your account.”
The huge inflows into bitcoin make it an attractive target, Stephan Simon, a security researcher at cybercrime company Binary Defense Systems, told Yahoo Finance. Even professional bitcoin companies that are familiar with the risks are finding themselves hacked. Bitcoin mining company NiceHash just lost around $64 million worth of bitcoin. “They lost everything because they had it in one wallet,” said Simon.
There’s also the flip side of this game — the dangers of too much security. There have been more than a few instances of people losing the one piece of paper with the key to their bitcoin accounts, leaving them completely out of luck.
So, does that mean consumers should stay away from bitcoin? If you’re the kind of person who doesn’t have a passcode on your phone, then it really may not be right for you. But if you’re going to choose to put a few bitcoins in your pocket, take the opportunity to revamp your digital security habits. The stakes are high — act accordingly.