By Alex Hidalgo, Product Manager at StormX
The year 2019 was great for the markets — the S&P 500 gained 30% — but it was terrible for crypto and the absolute worst for yours truly. Instead of winning or losing money at the whims of the bulls and the bears, I actually lost my money at the whims of a lapse in memory and ultimately acting human in a nascent industry riddled with big user experience problems. I did the unforgivable — I misplaced my crypto wallet’s recovery phrase. It was devastating emotionally, embarrassing, stupid, but was it my fault? I mean, hasn’t everyone clicked on the wrong button or forgotten their password at some point? When users make mistakes using software, is it their fault, or could we have designed the software to handle those mistakes? We’re only human, and to be human is to err.
You’ve probably read countless stories on the internet of crypto wallet users misplacing millions of dollars because they can’t find their wallet passphrase or hardware key — like this guy who lost $60 million in Bitcoin because he didn’t back up his recovery passphrase. While this issue seems to be a simple, fixable bug, it is actually a built-in feature of crypto. We want this strict security to prevent passphrases from being easily hacked. Many times we don’t write them down because it’s inconvenient, we forget to do it, or we simply lose them. Unlike the password to your bank account website, there is no “forgot password” button, and there is no customer support if you send a wire transfer to the wrong bank account. To be fair, you can use a cloud wallet with a regular password and all the safety and conveniences of a normal banking website to protect you from your fat thumbs. The problem is we must compromise convenience for security: specifically, the security of a cold storage wallet, where the sensitive passphrase is never stored online, where hackers could infiltrate your wallet’s web portal.
So is there a wallet that can do it all? Yes, but my own personal story of misplacing my passphrase actually occurred while using this wallet. Let's dig in and see if you can spot the issue.
First off, Trust Wallet beautifully handles a lot of the use cases that could lead a human to lose their wallet forever. For example, their first screen uses a checkbox to help slow you down and increase the likelihood that you actually absorbed the information. The second screen makes it easy to copy the recovery phrase with a single tap and paste it to a note app on your phone. The third view even requires you to verify your recovery phrase by tapping on each word in the correct order. If you hit the back button, you must start over again. This ensures you’ve copied it somewhere on your phone or written it down elsewhere. After this, you are able to use your brand new mobile wallet without hindrance.
What’s the issue? I created my Trust Wallet in between meetings at work. I must have written down the passphrase on a piece of paper, but I quickly forgot where I wrote it down as soon as I was off to my next meeting. Trust Wallet does a great job of guiding users through the initial wallet creation, but what about the important work of saving and remembering where we store our passphrase offline? All of this happens outside of the app, so how should we handle it?
Even if we ignore them (and we shouldn’t), we all see the pop-up messages that remind us it’s been ten days since we last backed up our hard drive or that we’ve yet to install the latest version of our operating system. I think wallet apps should do something similar: The first few times you open the program, you should get a message asking if you’ve saved your passphrase yet. You might receive two options to click on: “I haven’t saved my passphrase in a secure and memorable location yet” and “My passphrase is stored securely in a memorable place.” Once you select the “My passphrase is stored securely” option, you’d stop receiving notifications. But just in case you lied to make the pop-up go away, whichever option you select, you’d receive a final funny reminder a day or so later: “500 million in crypto has been lost forever due to users misplacing their passphrase. So don’t be a goober. Save multiple copies of your passphrase securely and in memorable locations.”
Everyone ignores pop-ups sometimes, yet developers continue to incorporate them. Why? Because they work. Not all the time, and not every time, but they work, and that is why you still see them used everywhere in software. For every user who ignores a pop-up, there are many who follow through and take action. If only I’d seen that little pop-up, I might not have had to write this article.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.