What we really mean by simple and secure

tl;dr: Your accounts are not safe if their security relies on a simple password that can be accessed in some form. True security will protect you from your own mistakes.

No service will claim upfront that they are not simple and secure. This is a common claim to fame. Indeed, every financial service has some sort of security setup in place to protect itself from outside attacks while providing customers secure ways to access and recover their accounts.

But unfortunately, it’s not that simple…

Your key, your problem

As we see day after day, no system is fully resistant to attacks or errors. While the nature of these attacks and errors can change, all share a common thread: human mistakes that coders and users will make at some point.

After all – we’re only human.

Recently, Coinbase saw the accounts of 6000 customers drained because of a software flaw in their reliance on two-factor authentication. On a near-daily basis, users of Chrome extension wallets like MetaMask lose their funds because they were lured into a phishing or social media attack and unknowingly gave out their secret, private recovery key.

Even hardware wallets like Ledger are vulnerable; they recently suffered a massive e-commerce hack that unmasked hundreds of thousands of user profiles and details that led to phishing attacks where users were asked to share their private keys.

No matter how advanced, all security protocols have one major vulnerability: us, poor users!

The more sophisticated attacks have started to focus on our own human vulnerabilities, trying to convince us to divulge critical information that compromises our accounts.

Beware of security narratives

Unfortunately, there’s no limit to poor security choices many tend to make – for example writing down the 24 security words on a piece of paper to keep them “somewhere safe.” This is probably the worst piece of advice you can give to someone without proper awareness of the risks: the ink can fade, the handwriting can be difficult to read later, the paper can be lost, stolen, burned, forgotten… or land in the hands of someone else! We know too well. We even built a tool for this.

In crypto, there are dangerous narratives that hide harsh realities: “Hardware wallets are the ultimate security”, “use two-factor authentication”, “use YubiKey”. While they all have some basis in truth, they also have limits. You can lose all of your funds even if you diligently follow all of the above. If you give away or lose your private key, your seed, or your second factor on exchanges, you will likely lose all your funds forever.

It doesn’t have to be this way – and we’re not the only ones who think so.

Zengo’s novel idea: protect us from our own mistakes!

The future of account security should protect users and related systems from their own mistakes, by design.

Let’s be clear: no security setup is 100% safe. That does not exist, and every system has its limits and tradeoffs. You just need to be aware of them and compensate as appropriate.

At Zengo, our security philosophy is to protect users from their own potential mistakes by building that protection into our design from the outset: we’ve made it impossible to share any critical secrets because there are no secrets to share! Ever. This is a core design principle that guides every product decision we make:

  • Our wallet uses MPC (multi-party computation), so you never have a simple piece of code that can be accessed (even by you) and used to compromise your account.
  • We use passwordless authentication, so even if you were phished, you would not know what to share with the attacker. Zengo does provide a recovery kit stored in the cloud, but it is only one of the pieces of the puzzle, and it is not only encrypted but also useless on its own.
  • We use multiple recovery factors (3 – including live biometrics, which cannot be gamed with pictures or 3D masks) so that even if you lost control of your email or your cloud accounts to an attacker, you still wouldn’t lose your funds. Check out the below video of us trying to beat the system!
    [Video: Zengo CEO attempts to trick our system]
  • We do not use mobile phone numbers, which are famous for being easily taken over.
  • We built fallbacks for all critical factors to avoid accidental lockouts: second trusted emails, alternative cloud providers for recovery, and a trusted second face scan, so that it’s nearly impossible to lose access to your own account.
  • We made the user experience exceedingly easy, leveraging systems already built-in to your phone and familiar to you.
  • We even built a system that allows customers to access their funds if we stopped operating for whatever reason.
  • We built a system that would prevent attackers (including ourselves) from draining accounts even if they manage to take over our servers, because access to both the servers and the user’s mobile devices is needed.

Zero account takeovers.

Does that mean this is 100% secure?

It does not.

Like any system, ours has limits, too. Zengo users could be victims of phishing attacks, but only new users who have not yet created their accounts. And while users can’t give away their account by mistake, they could still send funds to the wrong address (to an attacker trying to lure them with fake promises).

However, to this day, not a single Zengo account has been taken over: not one (even when we challenged folks to!).

There is no private key to steal, there is no mobile phone number to reverse engineer, there is no password to steal.

Sure, it’s easy to achieve the same goal by designing a security system so complicated that attackers will be deterred from even trying to hack it – but that also means users won’t use it, either!

Simple and secure at Zengo means that we eliminate the pain of setup and recovery while increasing user security, making it near-impossible to give away critical secrets.

This is what we mean by simple and secure.

Stay Zen.