Post
Topic
Board Wallet software
Re: Biometric BTC wallet?
by Hal9900 on 04/10/2019, 17:18:08 UTC
I started a thread about another biometric wallet, ZenGo, and I was informed about this thread here where more people are involved. Here are the posts so far and I'm curious what you computer experts think of this new wallet:

A few weeks ago I heard a podcast with Anthony Pompliano and the founder of ZenGo, which uses ZoOm, a facial recognition security app to secure Bitcoin. I’ve had a couple of discussions with Ouriel Ohayon from ZenGo about the benefits of ZenGo over Ledger. In comparison, Ledger already seems antiquated, but has ZenGo been vetted enough to trust that ZenGo is secure? Since ZenGo uses ZoOm I can see how one party would blame the other party if hacking were to occur. I am not a security expert. What do you all think of ZenGo?


There's a discussion about using biometrics to secure your wallet here: Biometric BTC wallet?
The TL;DR is that it is generally a bad idea as it is far more easily broken than a strong password or passphrase.

In terms of the ZenGo itself, I've not heard of it before, but I've had a quick poke around their website. There are a couple of things which give me some concern.

Firstly is that they extensively use cloud servers for backup. Both the client share on your phone, and their server share which they store, are backed up to the cloud. You don't need me to tell you how poor cloud security generally is - you can do a simple web search and see story after story of cloud servers being hacked.

Secondly is their recovery mechanism. If they go out of business, then they have an escrow who will release a master decryption key so all users can still access their private keys and therefore their coins. That's great, but it means there exists a single point of failure for their entire system - the master decryption key. This has been created and transferred to an escrow. We have no idea how many copies of it exist, how many computer systems it has been on, how many people have had access to it, or how good the security currently protecting it is. It's a massive vector of attack, as if someone gains access to it, they can potentially gain access to every coin held by every owner of one of these devices (and as we said above, with all the backups being stored on the cloud, this is a real concern).


@o_e_l_e_o

Thank you for your input. Wow, I am glad I did not move my coins to ZenGo yet. I am not technologically minded so I need to rely on you experts here. I don't feel comfortable leaving my Bitcoin on Coinbase, and using a Ledger with a 24-word seed phrase just seems antiquated, like I said before. Is this really state-of-the-art? Also, like I said before, ZenGo uses ZoOm facial recognition. I am not sure that ZoOm is equivalent to the biometrics in your link. Can you check out the white papers on ZoOm and let me know what you think?

https://www.zoomlogin.com/#page-blk-white-papers