one or other type of device, in the Google Authenticator world you have just lost your access completely. So, it’s up to the service you are using to determine a recovery mechanism. What’s interesting is that some services don’t give you one. Others offer recovery via email, SMS, or other similar mechanism which then introduces the same issue. We, therefore, believe in recovery via time lock, where your account is locked for a period of time before you can reset it.

BM: In the meantime, are there ways to prevent users from losing their password in the first place?

PP: There is some psychology involved here. Part of our philosophy at EdgeSecure is to carefully align technology with humanity. This involves a recognition of the fact that we’re all fallible beings, that we do forget passwords. One step we employ to help people not forget passwords is to ask them to voluntarily enter it from time-to-time when they go to access their app. Our intent is to give them the opportunity to change it if they forget it at that moment.

BM: How exactly does this work?

PP: We have an algorithm inside of the app that has what we call a reminder “step off,” based on users actually entering it. This “step off” is how frequently we remind you based on how many times you’ve actually entered the password in the past. Obviously, you can get into the app with a pin, thumbprint and now facial ID. But if you lose that device, the password is the only way to get back on.

BM: This seems like an idea that other tech solution providers will likely want to pick up on.

PP: No doubt. We fashion ourselves as the world’s only password recovery for encrypted data. While that, in and of itself, is a patentable idea, we’ve opted to not patent, in the name of open source, open collaborative effort.

BM: What sort of criticism do you hear from the crypto community?

PP: One of the main ones we get is that we are not as secure as a hardware wallet.
These criticisms come from people that often harbor the biggest fears of something that I have yet to see happen, namely, a person losing crypto from a device attack. Sure, you might hear of publications espousing theoretical exploits. But I haven’t seen evidence of a mass exploit with cryptocurrency taken on a device with encrypted data. Yet there are millions, if not billions, of dollars being poured into solutions for that problem.

BM: Aren’t hardware wallets a great resource then for those who have these concerns?

PP: They can be. But it’s important to keep in mind that with hardware wallets, the attack vector isn’t someone getting into it digitally over the internet. Rather, the attack vector is the individual user. I can’t count the number of people who say to me after purchasing a hardware wallet, “Now, I’m secure!” I then ask them, what did you do with the backup information? Often they’ll say, “I put it on Google Drive.” My response: “You did what? That’s the worst thing you could possibly do with the private key.”

BM: Finally, what are your thoughts regarding security vulnerabilities among centralized exchanges?

PP: It’s a big concern, no doubt. Coinbase is obviously the most recognizable example in the crypto world, but I don’t think that their model can survive long term. I’d describe them as a $15 billion piñata for hackers. Yes, they haven’t been hacked and I believe a combination of luck and skill has prevented that from occurring.

BM: So do you believe that it’s just a matter of time before a serious hack occurs?

PP: Let me say this. One of the hardest aspects of centralized security is that it doesn’t scale. In other words, the bigger you get, the harder it is for you to secure. And as the pot becomes bigger, you have to hire and entrust more and more people inside the company. So it takes just one bad apple with access and there goes a lot of user money.

BM: Where do you see this security space headed?

PP: In the next 3–5 years, we should actually see a trend where users will seek out what I call Edge-secured apps, where people can control their own data. These encryption and Edge solutions will be invi