Security for the Divi Project
by Geoffrey McCabe, co-founder of The Divi Project
In 2014 I lost what would now be US$40,000 in Ripple when the Justcoin.com exchange happened. I’ve been very concerned about security ever since.
The two foundational pillars towards the goal of mass adoption of any cryptocurrency are ease-of-use and security.
The news is full of stories of people getting ripped off by hackers and online scammers. With a bank or credit card, you have recourse and may be reimbursed. But with crypto, there’s no one to complain to because it’s peer-to-peer. Because of this, a crypto money management platform like our smart wallet requires extraordinary security. There are several user challenges we must overcome:
- Forgetting passwords
- Use of bad, easily hacked passwords like “password” or “123456”
- Poor security habits, such as putting passwords on post-it notes
- Poor understanding of technology
- Solutions that can’t be overly complicated
“There is never a single perfect security solution. Fortresses need walls, moats, AND archers.” — Will Oremus, Slate.com
There’s no single solution that works for everyone, in every situation, all the time. Therefore, we will implement a wide range of solutions, so that DIVI holders can choose those that suit their needs and available technology best. These might include:
- 2FA — two-factor authentication
- Single-use password generator — such as Authy or Google Authenticator
Then add in a biometric second step such as:
- Fingerprint recognition
- Face or palm recognition
- Voice recognition
Then a challenge such as:
- Quiz of personal details (favorite color, first pet, favorite band, etc.)
- Memory test of photos or faces
A user will also be able to add:
- Trusted Environment Authentication — you can set your GPS coordinates so the wallet doesn’t work far from your office or home.
- USB plug-in token authentication
Once inside the wallet, individual accounts and wallets can have additional security, such as:
- Vaulted accounts to prevent access until a preset date. (Prevents a person from being forced to send DIVI to a criminal’s account.)
- Fingerprint ID for each wallet, perhaps with the fingerprint hash encrypted into the blockchain itself.
The exact final mix is undecided, but the basic idea is to offer as many options as we can, so that each user can choose the options that they want for themselves. Plus, new options will need to be added as technologies improve. Some people will want to be Fort Knox, and others more relaxed. Whatever a user’s level of desired protection, we’ll have what they need to feel secure.
For more information, check out our website: www.diviproject.org