Krebs On Security has a(nother) article on the 2022 Lastpass hack where vaults keep getting cracked. Now over $150M in crypto has been stolen. Crypto wallet seed phrases do not belong in password managers (nor passkey wallets) for stuff of real value.
@briankrebs.infosec.exchange.ap.brid.gy

@ethereum.bsky.social EthDenver buidl kickoff

Password managers being targeted again. Several articles talk about 2FA/MFA but the reality is that if you unlocked it the extra auth does nothing. We saw encrypted LastPass vaults get brute-forced. Reminder: don't store crypt wallet seed phrases there. links in reply. @secretshield.bsky.social

What's up with Casa's crypto mobile wallet? It seems to make and verify "backups" but where are they stored? I fear they are storing them in the cloud (super high risk) and then offering a paid multi-sig service to mitigate the risk. Did I misunderstand?

In my last post, I (thought I) explained why passkeys for crypto wallets were a terrible idea. Yesterday, someone tried to tell me that their's is safe b/c it uses the secure enclave- utterly missing the point that a copy is in the cloud and the cloud is the PRIMARY risk.

I was inspired to write that article on passkeys use in crypto wallets. In short, don't fall for the hype. It's a bad idea.

secretshield.net/blog/crypto-...

Cute video, but the problem is real and pervasive. I touched on the extreme risk of using passkeys for crypto-wallets. The real solution to the recovery problem involves both offline and online. I think I'm inspired to write an article on the topic...

youtube.com/shorts/3uKPS...

Passkeys are a terrible🔥 idea for signing crypto wallet transactions. It solves phishing, shoulder surfing, reused, and easily guessed passwords - perfect for that. They are cloud-backed up/synced: 🚨puts crypto wallets at very real risk🚨. History will repeat itself: www.techradar.com/pro/security...

Passkeys are a major leap forward over passwords. I'm fully supportive of passkeys replacing passwords AS LONG AS a compromised password/passkey does not mean losing everything in an unrecoverable way.

Last week an article was shared in the ethereum sub on reddit comparing cloud backup vs passkeys. BUT it is not a "vs" it is really self-service vs automated because both are cloud backups. Centralized cloud storage seems like a bad idea for crypto keys.

www.reddit.com/r/ethereum/c...

After working on this for over 18 months, I'm super excited to share that SecretShield is now live.

Losing your crypto wallet doesn't have to mean losing everything.

secretshield.net

#cryptocurrency #Web3 #Ethereum #Bitcoin #DigitalInheritance #SecretShield

WASI Preview 2 is officially out, and it's a big deal. Beyond the APIs that open WASM to a growing number of use cases and environments, the component model allows assembling interoperable modules developed in different languages. blog.sunfishcode.online/wasi-preview2/

The updated WebAssembly roadmap just dropped: https://bytecodealliance.org/articles/webassembly-the-updated-roadmap-for-developers

I’m especially excited for the Wasm Component Model and its potential for secure by design / supply chain security.

Plus the idea of language interoperability is 🥵🥵🥵

I’m in. Hello Bluesky!