Cryptocurrency security depends on several hash algorithms which transform a password, like “Banana$123”, into a unique series of letters and numbers, also known as a hash. The idea is that it is almost impossible to decipher the original hash to unlock an account password of an unknown user. However, there are some cases where cracking a hash isn’t feasible. This is when forgotten password attacks become serious problems for both the user and the online system.
Some of the problems encountered with forgotten password attacks can be attributed to the way Cryptocurrency Wallets store information. Most Cryptocurrency Wallets uses encryption as the protection against hacking. However, even strong encryption systems are vulnerable to attacks if the password is either weak or has been forgotten. For instance, emails sent to users with incorrect usernames are often ignored by such wallets as they think that the emails were sent to the wrong person. Thus, unless the user has the correct password in clear in his inbox, messages from deleted emails won’t be received.
Another Cryptocurrency wallet weakness lies in the lack of support for multiple signatures in a transaction. A number of Cryptocurrency Wallets (like Electrum) allow users to make transactions where only one set of signatures are needed for a successful transaction. For instance, when you make a purchase from your local grocery store using your credit card, a digital signature is created in your wallet by you, the merchant, and the payment processor. The merchant signs the digital key and sends it to the payment processor, who then verifies it with the master private key.
The problem with this system is that anyone can create a digital wallet with no security. Anyone can print off these digital keys and use them for themselves. In fact, this is why people keep backups of their passwords: so that if they lose their original copy, they can easily create a new backup. But what if a person loses his backup? How will a retailer or merchant regain funds? Again, the weakness lies in the lack of protection for private keys: if a hacker has control of a single private key, he can perform an infinite number of financial transactions with ease.
So how do we secure our passwords and private keys? We can’t; the best that we can do is to make sure that we use complex passwords containing letters, digits, and special characters. And we can never keep our passwords on paper: paper has too many advantages over saving it on our computer. If we store our passwords on paper, hackers have free reign to access it anytime they want; and we never know when our bank accounts might be accessed by unauthorized parties as well.
But we can take precautionary measures. Use complicated passwords, change them regularly, and don’t use paper wallets. Use offline wallets (with physical security measures such as cable locks and combination codes) instead of online ones. If ever you need the help of recovery services, contact your money transfer service provider first before you store your coins at home.