\n
![](\"https:\/\/bitcoinmagazine.com\/.image\/c_fit%2Ch_800%2Cw_1200\/MjA3Nzk5ODI0NzA2MjUwMzM5\/default_notes_next_to_a_laptop_with_a_pencil_0.jpg\")
<\/p>\n
\n<\/p>\n
An underlying theme of this cycle has been to challenge preconceived notions about how people use Bitcoin around the world. New behaviors are emerging and other cultures are using the asset in a way that is breaking previously established molds. <\/p>\n
A major trend emerging out of this chaotic environment is the resurgence of seedless security models, which take a radically different approach to securing Bitcoin private keys. Proponents argue that established security practices are failing to meet the expectations of an increasing number of users. Along with the maturation of custodial alternatives, the emergence of ETF products is creating concerns about the prospect that future users will onboard into more complex self-custodial solutions. <\/p>\n
It is not the first time security specialists have pointed the finger at seed phrases when asked about the difficulties of Bitcoin self-custody crossing the chasm. Industry veteran Jameson Lopp has long debated<\/a> the challenges of the security model, and remains outspoken about its pitfalls. His company, multi-signature wallet provider Casa, was formed, in part, to address the issues created by traditional backup methods. <\/p>\n In a conversation with Bitcoin Magazine, current Casa<\/a> CEO Nick Neuman echoed his colleague\u2019s concerns:<\/p>\n \u201cWe need to think more carefully about how we use them as an industry because the user experience of getting hit with a seed phrase the first time you set up a wallet is very difficult<\/em>.\u201d<\/em><\/p>\n Despite significant progress in the quality of Bitcoin products and applications, the landscape of self-custody remains perilous for those whose comfort with technology stops at their iPhones. Every other day, accounts emerge of various successful phishing attacks targeting victims\u2019 funds by compromising their wallet\u2019s seed phrases. <\/p>\n Earlier this January, popular hardware wallet provider Trezor announced they had reasons to believe sensitive customer information had been leaked due to a breach in the systems of a third-party service provider. In the following months, X users reported a new wave of phishing attempts hitting their inboxes. <\/p>\n Another reminder of the fragile state of the average person\u2019s security practices came in 2022 following a security exploit that affected popular password manager LastPass. <\/p>\n Following a string of curious wallet-draining incidents affecting mobile and hardware wallet users alike, researchers eventually figured out<\/a> that seed phrases stored on the service\u2019s servers had been compromised. As of a couple of months ago<\/a>, losses have been estimated<\/a> to have reached over $250 million in various cryptocurrencies. <\/p>\n While popular Bitcoin influencers have banged the table for the adoption of more robust security systems involving hardware wallets, a large number of market participants have yet to warm up to this practice. Shehzan Maredia, founder of Bitcoin financial service company Lava<\/a>, sees a significant divide between security product developers and a large section of the Bitcoin market. <\/p>\n \u201cI\u2019ve realized most people start questioning their ability to self-custody when you involve hardware wallet and seed phrases. Half of them will do a poor job of following instructions and the other half will simply prefer using custodians,\u201d he remarked. <\/p>\n Security experts are adamant that private key material should remain offline at all times, but Maredia suggests secure enclaves present in modern mobile phones are sufficient to thwart the majority of attacks affecting users today. <\/p>\n \u201cLooking at the common causes responsible for the loss of users’ funds, it\u2019s rare to find examples of mobile keys being compromised.\u201d Rather, he argues, it\u2019s more likely users will do a poor job of securing their seed phrase backup or will give it away during a phishing attack. <\/p>\n Bitcoin products have seen a lot of improvements since Casa pioneered the seedless wallet approach years ago but few so far have followed in the company\u2019s tracks. While self-custodial applications are more robust than ever, some changes have introduced additional steps to an already significant learning curve. It\u2019s worth questioning whether a nihilistic attitude towards security has pigeonholed the practice into rituals unpalatable to the average person. <\/p>\n Neuman remains optimistic. He suggests there has been an observable shift in the industry towards more realistic approaches, though he thinks Bitcoin products are lagging behind <\/p>\n \u201cThere are still quite a few like wallets that force you to [save your seed phrase] upfront. I think it’s kind of a risk management thing on their end, but it actually works against the goal of helping users feel comfortable holding their own keys.\u201d<\/p>\n Regardless, the trend suggests the rest of the industry is coming around to the risks of users handling sensitive information. Recent technologies such as passkeys, implemented in Coinbase\u2019s new \u201cSmart Wallet<\/a>,\u201d offer interesting alternatives for this new generation of products. Passkeys<\/a> are a new standard promoted by internet giants like Apple and Google, which aim to replace traditional passwords with cryptographic keys tied to a user’s device and identity. <\/p>\n According to our research, testimonies<\/a> from early adopters<\/a> indicate the technology has yet to sort out important standardization issues. Lava\u2019s Maredia agrees there is room for improvement. He recently launched a seedless solution he thinks achieves the best security tradeoffs one can expect of mobile devices.<\/p>\nThe Perils Of Seed Phrases<\/h3>\n
Seedless Challenges And Opportunities<\/h3>\n