Being Your Own Bank Is A Double-Edged Sword
Why we need to design more human-centered ways of managing private crypto keys
Crypto wallets are secure, but the private keys we use to access them can be very difficult to keep safe. How might we design ways to keep our private keys protected? In part one of this series, we take a look at the challenges with managing private keys today. Read part two here.
With the advent of blockchain-based digital currency, the promise was that it was possible to “be your own bank.”
By eliminating reliance on centralized monetary and financial institutions, we would no longer be susceptible to high fees that transactions processors and banks charge, transaction censorship, government seizures or monetary debasement. We could transact in digital space (the internet) without knowing each other, without unnecessary intermediaries, much the same way we do with cash in the physical world.
But in the ten years since Bitcoin was released, the promise of autonomous control of one’s digital assets remains largely unfulfilled, leaving users to choose between two options: either find a way to store their private keys in hardware and digital wallets which are fallible to user errors, or turn to the new intermediaries of the crypto space.
What private key management looks like today
Some users have turned to hardware wallets to store their own private keys themselves. (For those unfamiliar, a private key is, in essence, a passcode in the form of a string of characters or words that verifies ownership of your cryptocurrency and enables you to spend it.)
It can be particularly frightening when you are wholly responsible for safely and securely storing your private keys. Remember, the beauty and challenge of crypto-currency is that you can “be your own bank.” This is a double-edged sword; on the one hand you have full control of your funds (unlike if they’re stored in a bank), but on the other hand, if bad things happen — like if you’re robbed or you mistakenly lose your private keys — then your funds are gone, and not recoverable.
Most people aren’t equipped to deal with the high stakes of managing their own cryptocurrency, nor do they want do. Setting up a key storage system that is resilient to both outside attackers and user error is extraordinarily difficult. If you’ve ever tried to set up your own wallet, you’ve probably experienced the anxiety and fear that comes with it. Setting up a cryptocurrency wallet means you have to store either a private key (64 “random” letters and numbers) or a 12–24 word phrase that is the recovery seed for your key.
But where do you store the private key or phrase? Do you write it on a paper and put it under your mattress? What if someone breaks into your house? What happens if your house burns down? How do you recover it? Do you store it digitally? What if a hacker gets access to your data? What if you pass away? Will your family have access to it?
As an alternative, some users of digital currency and assets have turned to the types of intermediaries I mentioned — quasi-banking businesses such as Coinbase, Circle, or Xapo — to hold and secure access to their assets, because the risks and challenges associated with holding their own assets are too great.
Unfortunately, these intermediaries pose some of the same risks as today’s banks do, because they fail to create products that support users in being the custodians of their own private keys, thereby centralizing the usage layer. If we’re centralized at the usage layer we introduce systemic risks that could be eliminated, like large scale hacking/theft, bank bankruptcy, or, in some parts of the world, government seizures.
And blockchain may matter for more than just money…
These systemic problems extend further for non-currency blockchain based projects. There are currently very nascent blockchain projects aiming to decentralize and secure your video game collectibles, identity, health-care data, property, and file storage…all controlled by private keys. Without the ability to manage private keys, none of these will reach their full potential.
For example, using a blockchain to store and secure personal health data may seem promising, but it doesn’t fulfill the goal of putting us back in control of our data, if we have to rely on someone else to store our private keys, and thereby still give a third party access to our data.
This is a massive opportunity for design to create products and services that help people confidently act as their own bank by controlling their own private keys. Enter: programmable custody.
In the follow up piece, Programmable Custody: Key Management Gets Smart, we’ll talk about a third solution for managing private keys: programmable custody. Read it here.