What’s Next for Bitcoin Wallet Security?

Times have been busy in the bitcoin wallet world lately. Two hardware wallets – Trezor and BTChip – have finally shipped, and wallet security continues to mature.
In spite of all this, though, people who should know better are still being robbed because they fail to add more protection to their bitcoin holdings.
To tackle the issue of bitcoin wallet vulnerabilities, it’s important to look at the security protections that are currently available for wallets, and to explore what work still needs to be done in the future.
Multisig
2014 was to be the year of multiple signatures (multisig), according to Gavin Andresen in his 2014 State of Bitcoin speech, and there has been a lot of activity on this front. Multisig allows wallet owners increased security by requiring that a third party sign off on transactions before they’re finalized.
This paves the way for third party risk services, said Gary Rowe, CEO of popular bitcoin wallet Multibit:
“If you are buying a 10,000 car or something like that with bitcoin, people might send a text to confirm that transaction.”
Multibit is based on Bitcoinj, a Java-based implementation of bitcoin. Bitcoinj now has multisig support built-in, along with pluggable transaction signers. This means that some wallets based on the software, such as Hive, have incorporated it, too.
But we shouldn’t pin all of our security hopes on multisig wallets.
“Not everyone will buy into them as being part of the decentralised ethos of bitcoin, so they can’t be relied upon as being the only solution to the problem,” said Rowe, who added that multisig wallets are also more complex to use than deterministic wallets.
Deterministic wallets
Early bitcoin wallets generated addresses randomly. Bitcoin addresses aren’t supposed to be reused, which means that when used properly, there should be many addresses in a single wallet. This makes it difficult to recover those addresses if they are lost.
Deterministic wallets create addresses using a simple multi-word phrase, randomly created by the user. The phrase will always create the same set of addresses.
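As an added illustration (not code from the article or from any wallet it names), the example below shows why one phrase always regenerates the same keys. It assumes the BIP39 seed-stretching and BIP32 hardened-derivation scheme, which the article does not name; the sample phrase is constructed, and the BIP39 wordlist and checksum validation is left out.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; private keys are integers in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

# Constructed sample phrase for illustration only; never fund keys derived from it.
PHRASE = "constructed sample phrase shown only to demonstrate repeatable key derivation"

def seed_from_phrase(phrase, passphrase=""):
    """BIP39 stretching: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    words = " ".join(unicodedata.normalize("NFKD", phrase).split())
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)

def master_key(seed):
    """BIP32 master node: returns (private key, chain code), 32 bytes each."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    if not 0 < int.from_bytes(digest[:32], "big") < N:
        raise ValueError("seed yields an invalid master key")
    return digest[:32], digest[32:]

def hardened_child(key, chain, index):
    """BIP32 hardened child: needs only the parent private key, no curve maths."""
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child; a wallet would skip to the next index")
    return child.to_bytes(32, "big"), digest[32:]

def wallet_keys(phrase, count=3):
    """Hex private keys m/0', m/1', ... regenerated from the phrase alone."""
    key, chain = master_key(seed_from_phrase(phrase))
    return [hardened_child(key, chain, i)[0].hex() for i in range(count)]

if __name__ == "__main__":
    for i, k in enumerate(wallet_keys(PHRASE)):
        print(f"m/{i}'", k)
```

Because every key follows from the phrase alone, a backup of the phrase restores the whole wallet, and anyone who reads that backup can regenerate every key in it.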

This post was published at Coin Desk on October 26, 2014.
