
The probability of losing your Bitcoin balance is orders of magnitude higher than the probability of losing your banking balance for the vast majority of people. The typical response is that you should “keep your bitcoins in cold storage”, but cold storage is nothing more than the age-old advice to “keep your bitcoins under your mattress”.
Rather than debate the merits of how any one individual might secure their private keys, let's talk about a structural problem. The security of Bitcoin is dependent upon keeping secrets. These secrets are so complex that 99.9% of people are unable to commit them to memory, and even if you could commit them to memory you never know when you will hit your head too hard.
Bitcoin only has value when you use it. In order to use bitcoin, you must share your secret with a computer. For 99.9% of the population, their computer is orders of magnitude more likely to be infected by malware than their bank account is to get hacked. The truth is that many users have their banks hacked due to the poor security practices on their computer. The difference is that when your bank account is hacked you can almost always recover the funds.
Bitcoin requires Personal Responsibility
The proponents of Bitcoin like to talk about how “secure” it is. Your account cannot be frozen, funds cannot be seized, there are no limits and restrictions, and it “protects your privacy”. Each of these claims is false in practice.
Anyone who mans the tech support desk knows how frequently people forget their passwords, choose simple passwords, forget to back up, lose their backups, etc. These things are so common that the vast majority of normal individuals experience them every year. If they were responsible for their Bitcoin and any one of these very common things happened to them, then they would be locked out of their accounts.
Most people trust their bank more than they trust themselves or their computer and it is completely justified.
Bitcoin Banks are Less Secure than Fiat Banks
Perhaps individuals could adopt a Bitcoin bank and trust someone else to secure their Bitcoins. Surely this would be at least as secure as a fiat bank, right? Unfortunately, time and time again major bitcoin exchanges have been hacked and lost customer funds. The probability of an exchange being hacked has historically been much higher than the probability that a bank would go bankrupt.
Which is more secure, $100,000 in a crypto currency exchange or $100,000 in any major bank?
If experts in the field are unable to secure their Bitcoin (even when multiple signatures are required), then how can we expect normal users to take on that responsibility?
Multi-Signature Service Providers are Insufficient
There are services that will help you perform multi-factor authentication on all transfers. These services hold one key while you hold two. So long as 2 of 3 keys sign the transaction, your funds can be transferred. When you spend money, you sign the transaction immediately with one key; the service provider then sends you a text message and signs the transaction with its key after you confirm.
This process is certainly very secure and is similar to the multi-factor authentication strategies used by banks. There have been many cases of hackers and social engineers hacking cell phone SIM cards. The question is whether this process is more secure than a bank's.
Two of three multisig is still less secure because of the following:
- many users will lose one or both keys
- many users will store both keys on a computer that gets hacked
- a hacker can gather user keys, then compromise the service provider for the 2nd key
- a hacker can trick the multi-factor authentication service
When any of these things happen the user’s account is either frozen or the balances are lost forever. All of these things can and will happen with greater frequency than users losing money in the bank.
Why is the Bank more Secure?
The short answer is that banks have the ability to recover / reverse transactions for several days after they are made and they have the ability to reset your password when you lose it. These are two things that Bitcoin is structurally unable to resolve.
The problem is that it is impossible to know you have been “hacked” until it is already too late to recover the funds. If someone hacks your bank account then the vast majority of the time you can recover your funds. Either the transfers get reversed or the bank eats the cost.
There is no bitcoin script that can take the form “all spending from this address must be to outputs that can be canceled for up to X days”. The very structure of Bitcoin (outputs being consumed by the input to a transaction and generating new outputs) makes the required security logic almost impossible to implement. In effect, a Bitcoin transaction output’s claim logic is unable to depend upon the outputs of the transaction it is claimed into.
Requirements for Cryptocurrency Adoption
Before the masses of normal users can realistically enter the space, cryptocurrencies need to offer the following features:
- hacked account recovery
- lost password recovery
- reversal of unauthorized transfers detected within 3 days
These kinds of features are technically possible on Turing-complete smart contract platforms such as Ethereum, but as of this writing no existing Ethereum wallets implement this logic.
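The three features listed above can be sketched as a delayed-withdrawal account. This is an added example, not code from the article or from any existing wallet: a toy Python model rather than contract code, in which `Vault`, its two key names and its methods are hypothetical, keys are plain strings standing in for signatures, and the caller supplies the current time as `now`.

```python
from dataclasses import dataclass, field
DELAY = 3 * 24 * 3600  # the page's 3-day reversal window, in seconds

@dataclass
class Vault:  # hypothetical design, not an existing wallet or contract
    spend_key: str     # day-to-day key, assumed reachable by malware
    recovery_key: str  # kept offline; cancels and rotates, cannot spend directly
    balance: int
    pending: dict = field(default_factory=dict)  # id -> (dest, amount, ready_at)
    next_id: int = 0

    def request(self, key, dest, amount, now):
        """Spend key queues a transfer; nothing leaves until DELAY has passed."""
        if key != self.spend_key:
            raise PermissionError("not the spend key")
        reserved = sum(a for _, a, _ in self.pending.values())
        if not 0 < amount <= self.balance - reserved:
            raise ValueError("insufficient unreserved balance")
        self.next_id += 1
        self.pending[self.next_id] = (dest, amount, now + DELAY)
        return self.next_id

    def cancel(self, key, wid):
        """Either key reverses a queued transfer the owner did not authorize."""
        if key not in (self.spend_key, self.recovery_key):
            raise PermissionError("unknown key")
        del self.pending[wid]

    def finalize(self, wid, now):
        """Funds move only here, and only after the window has closed."""
        if now < self.pending[wid][2]:
            raise RuntimeError("still inside the cancellation window")
        dest, amount, _ = self.pending.pop(wid)
        self.balance -= amount
        return dest, amount

    def recover(self, key, new_spend_key):
        """Recovery key replaces a lost or stolen spend key and voids the queue."""
        if key != self.recovery_key:
            raise PermissionError("not the recovery key")
        self.spend_key, self.pending = new_spend_key, {}

def stolen_spend_key_scenario():
    """Constructed scenario: malware queues a theft, the owner reacts in time."""
    v = Vault(spend_key="hot", recovery_key="cold", balance=100)
    wid = v.request("hot", "attacker", 100, now=0)
    v.recover("cold", "hot-2")  # day 2: rotate the key, void the queued theft
    return v.balance, wid in v.pending, v.spend_key
```

The model only helps if queued requests are actually watched during the window, and it moves the single point of failure to the recovery key: whoever holds it can rotate the spend key.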
Ease of Use Trumps Security
When it comes to the masses of people, ease of use is critical. Sometimes making things “harder to use but technically more secure” actually makes things practically less secure. For example, requiring people to change passwords every week results in users writing their password on a sticky note stuck to the monitor.
For the vast majority of Bitcoin and Bank users an insecure website with a password remembered by the browser is the appropriate level of ease of use.
The typical approach of increasing security at the expense of ease of use is a fool's errand. Instead, what is required is to increase ease of use and then offer solutions to mitigate damage and recover from the inevitable breaches that do occur.
Private Keys are Fences not Impenetrable Security
It is common knowledge among the military and preppers that an unwatched fence provides no security. Any security offered by a fence depends entirely on its ability to delay an attacker while the people inside the fence wake up and prepare to take positive actions to defend themselves. The more time a fence buys the defenders, the greater the probability that the attacker will be repelled.
Properly used, a private key is a fence. Every use of the key must be monitored. There must be time to respond to unauthorized use, or the fence is pointless, because when it is eventually breached you have already lost.