Securing cryptocurrencies through biometrics

Securing cryptocurrencies through biometrics
(Image credit: Shutterstock / Wit Olszewksi)

Bitcoin has been all over the news in recent weeks. Its valuation has shot up in these last twelve months, even reaching $58,000 last month – worth over £41,000 at the time of writing. That makes it worth more than Facebook and Tesla, and its meteoric rise has attracted the attention of investors from all different perspectives – from individual investors looking to cash in on a quick win, to Tesla itself buying $1.5bn worth last month.

But it isn’t all good news. Take Stefan Thomas’s story, for example. 10 years ago, the US-based programmer was gifted 7,002 bitcoins, worth between $2 and $6 each at the time. He hid them away in an anonymous digital wallet and they’ve since become worth over $220million. Most of us would be delighted of course. The problem? Stefan has forgotten the password to unlock this wealth, leaving it all but lost in the ether.

Sadly, Stefan’s story isn’t unique. In fact, there are plenty of similar examples of forgotten passwords resulting in literally lost fortunes. Forgetting passwords has long been an inconvenience, haunting humans since their introduction. But for those invested in cryptocurrencies, forgetting your digital wallet password isn’t just inconvenient. It could be throwing away the keys to unlock an early retirement.

‘New money’ exposes outdated passwords

Access to cryptocurrency wallets is typically controlled and managed by passwords and other knowledge-based credentials. Yet, as we have discussed above, it’s being proved time and time again that these methods – which have long been considered the symbol of authentication – are no longer fit for purpose. In fact, recent research has found they are actually inconvenient for the user, with two in five (38%) individuals forgetting a password at least on a monthly basis and having to reset or request for it to be resent.

Put simply, passwords create challenges. The same study found consumers manage an average of 14 online accounts (for example, emails, banking, bills, shopping, entertainment, etc.) each and have to remember around nine different passwords for use across those accounts for access. With that amount to manage on a daily basis, it’s no wonder some are being forgotten – and with costly ramifications.

Passwords also create an easier target for fraudsters looking to steal cryptocurrencies. The fraud landscape has grown considerably in recent years, with malicious actors continually phishing for personal information over phone, email, text, social media or in-person. The more we’re online, the more potentially exposed we can be. As a consequence, traditional PINs, passwords and challenge questions often aren’t delivering the goods when it comes to cybersecurity. Whether it’s the town you were born in, your mother's maiden name or the name of your first pet, nothing is untraceable in today’s digital age. In fact, these credentials can often be purchased online on the Dark Web by fraudsters.

What’s more, other insufficient measures like One Time Passwords (OTP) via SMS, only give an unfounded sense of security – and do not represent an effective way to stop ID theft and account takeovers. In fact, they could even leave individuals and businesses more exposed to the likes of SIM swap attacks. For example, a few years ago, tech investor Robert Ross lost just shy of $1M in less than an hour at the hands of a fraudster, who convinced a contact center support agent to change his phone number to a new SIM. Once in possession of the new number, the fraudster requested password resets on Robert’s email and financial accounts and every one-time password was sent to the perpetrator’s device. This gave the fraudster total control, enabling them to gain access to multiple accounts and, tragically, to steal Robert’s life savings.

A reliance on these outdated means of authentication is costing individuals, businesses and the economy – with banks having to shell out millions in customer fraud claims every year. This is why it’s time for the likes of cryptocurrency exchanges and digital wallet providers to rethink how they secure their customers.

Why biometrics is the true secure pathway

A stronger and more effective alternative to passwords and PINs, biometric-based authentication could provide an answer for the cryptocurrency password problem; strengthening security and halting fraudsters in their tracks, without the need for customers to remember any information at all.

Voice biometrics, for example, uses advanced algorithms and artificial intelligence to analyze more than 1,000 voice characteristics – from pronunciation and tone, to the size and shape of the nasal passage. Using it could not be easier for customers: a user would simply be asked to repeat or say a short phrase - for example, “my voice is my password” and the engine will validate whether someone is who they say they are immediately, based on how they sound. Each human voice is as unique as a fingerprint, so this type of technology is a far more advanced alternative in terms of safeguarding customers.

Another protective layer that should be added on top of voice biometrics is behavioral biometrics. Alongside the voice analysis, this measures some of the most minute details - such as how an individual holds their phone, how they type and even whether they pause once they finish a task - in order to create an expected profile and identify a person. Systems that incorporate biometrics - alongside other safeguarding technologies such as multi-factor authentication, end-to-end encryption and public key infrastructure - are considerably less susceptible to fraud attacks.

With Blockchain-enabled technologies, such as cryptocurrencies, set to change the face of the entire currency and payments ecosystem, protecting and securing the customers using them has never been more important. Those who choose to invest - from individuals to global businesses - need a convenient and secure way to access their digital wallets. And traditional passwords no longer fit the bill.

Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters. Digital currencies are set to change the way we see and use money. It’s high time the technology deployed to safeguard them is fit for purpose.

  • Brett Beranek, VP & General Manager, Security & Biometrics, Nuance Communications.
Brett Beranek

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications.