Coinbase Thinks It’s a Good Idea to Backup Private Keys to the Cloud

On Tuesday (February 12th), cryptocurrency exchange Coinbase said that the Coinbase Wallet app for iOS and Android had been enhanced such that it was now for users to backup an encrypted copy of their private keys to the cloud (iCloud in the case of iOS users and Google Drive in the case of Android users).

Exactly one week after launching Bitcoin (BTC) support on Coinbase Wallet (formerly known as "Toshi"), Coinbase announced that it was "introducing cloud backup for your private keys on Coinbase Wallet". Here is the tweet Coinbase sent out:

According to the blog post by Coinbase Wallet Product Lead Siddharth Coelho-Prabhu, this new feature "provides a safeguard for users, helping them avoid losing their funds if they lose their device or misplace their private keys."

Coinbase thinks although it is great that Coinbase Wallet allows users to experience "the full power of an open financial system" (i.e. " storing their own funds and accessing them anywhere in the world"), this power comes with "great responsibility." Since private keys, which are "generated and stored on your mobile device", are "the only way to access your funds on the blockchain" and owns of non-custodial wallets such as Coinbase Wallet "sometimes lose their devices or fail to backup their 12 word recovery phrase in a safe place, thereby "losing their funds forever," it would be a good for users of Coinbase Wallet to use cloud backup for their private keys, and it is now providing a feature that enables just that.

The new opt-in cloud backup feature provides "the ability to store an encrypted copy of your recovery phrase on your personal cloud account." You will, of course, need to come up with a strong password and a way to remember it somehow, but if "you lose your device or get signed out of the app," you will be able to "easily regain access to your funds with the combination of your personal cloud account (iCloud or Google Drive) and your password."

Coinbase wants you to know that this backup is "encrypted with AES-256-GCM encryption and accessible only by the Coinbase Wallet mobile app." And of course, if you lose the password for this backup, the support staff of Coinbase or your cloud service provider will not be able to help you since they don't keep a copy of this password:

"Coinbase will not have access to your password or funds at any time, preserving your privacy and control. Your cloud backup provider will also not have access to your funds, as only you know the password that decrypts your encrypted recovery phrase."

Although this feature currently only "supports iCloud on iOS devices and Google Drive on Android devices," Coinbase plans "to add support for other cloud services in the future."

Coinbase also wants to remind users that this feature is completely optional and needs to be explicitly activated. Also, it recommends that users also "backup their passphrase manually" after cloud backup activation and "activate Two-Factor Authentication on your personal Google or iCloud accounts to make those accounts harder for attackers to compromise."

Amongst experienced long-time investors in crypto, especially those who strong believe in its ideas of decentralization and self-sovereignty, the reactions on Twitters were quite negative. Here are a few examples:

 

Featured Image Credit: Photo via Pexels.com

Crypto Security and Privacy: Why VPNs Matter

With exchange hacks, crypto thefts and phishing incidents seemingly hitting headlines every week, safely buying and transacting with cryptoassets online has never been more important.

This week saw a particularly poignant lesson in the need for a robust online security strategy, as BitGo Lead Engineer Sean Coonce revealed that he lost over $100,000 from his Coinbase balance as an attacker gained control of his account using a “SIM Port” attack.

One important element in any crypto user’s online security should be a top-tier VPN.

VPNs and Privacy

In addition to a gamut of security and privacy practices crypto users should adopt, including using a hardware wallet and using 2FA authentication (non-SMS), a good VPN can’t be overlooked.

While the top cryptoasset blockchains themselves are quite secure, an individual’s interactions with the blockchain or their funds may not be. VPNs encrypt your data, acting in effect as an extra barrier against anyone who might try and access your information as you are communicating with servers online. The data packets of a crypto transaction in this way become better protected against anyone trying to intercept them as they travel between you and the target - such as an exchange.

When you are using a VPN, all your communications are routed via one of the VPN’s encrypted servers. This also affords you a far greater degree of anonymity, as anyone attempting to track websites you visit, e.g. exchanges, wallets, won’t know when or if you are visiting them.

While these technical features of VPNs make them essential for any crypto user, there are other broader concerns that will likely attract crypto enthusiasts to a quality VPN.

The Spirit of Decentralization

Another important facet of using a VPN is decentralization and the privacy of your information.

Bitcoin was created to fulfil the vision of a decentralized, nation-state resistant currency, allowing people across the globe to exchange value independently. In this vein, VPNs form an essential part of that vision, as it becomes far harder to trace your location.

Whether a VPN stores log files too, will likely form an important part of a crypto users choice of VPN. Some VPN providers, while either dancing around the issue or even claiming that they don’t store records of your internet activity, do in fact log your activity. Choosing a VPN provider that has a proven record of not logging activity, therefore, will matter to many in the crypto community.

One other interesting feature offered by some VPNs is the ability to pay for them using cryptocurrency. While many of the top VPNs don’t offer this feature, those who are particularly conscious of privacy and leaving less of a financial footprint, will factor this capability into their choice of provider.

Getting Started on Your Security Journey

Getting to grips with the potential security minefield that comes with owning and buying cryptoassets is not easy. There are a host of ways you can lose your crypto or leave yourself vulnerable to theft. Making sure you choose the right VPN therefore, should form an important part of your strategy as you seek to secure your crypto and online activity.