Ensuring the Safety of Your Mobile Wallet: What You Need to Know

Enhancing Security in Self-Custody: Insights from Paul Poi, Co-founder of Edge Wallet

Welcome to a new episode of our podcast, where we have a special guest today, Paul Poi from Edge, an edge wallet. In this episode, we will explore the steps taken by Edge to enhance security in self-custody. Paul discusses the two aspects of security that Edge focuses on: protection against outside attacks and safeguarding against human error.

Securing Against Outside Attacks

One of the key measures that Edge takes to protect against outside attacks is encrypting the keys stored on the device. This is not a feature that all wallets provide, so it’s important to ask your wallet provider if the keys are encrypted on the device. Storing unencrypted keys on the device or in a shared storage area can make them vulnerable to other apps that may access and sweep the data. By encrypting the keys at rest, Edge ensures that even if someone gains access to the device, decrypting the keys becomes a significant challenge.

Additionally, Edge leverages the security mechanisms of phones, such as secure elements, to store and encrypt keys. This provides an extra layer of security, similar to having a mini hardware wallet inside your phone.

Protecting Against Human Error

Human error is a significant factor in security pitfalls related to self-custody. While the physical device itself may be secure, the backup of the keys becomes a potential vulnerability. Edge addresses this by automatically encrypting all keys created within the wallet with the user’s credentials. These credentials serve as the primary encryption key, which Edge does not have access to. Furthermore, Edge automatically backs up the encrypted keys, ensuring that they are securely stored.

To address concerns about the security of the user’s credentials, Edge implements a hybrid approach. They combine the technology of encryption and cryptography as the primary layer of security with traditional client-server security models. This includes implementing a light form of two-factor authentication on all accounts. Even if someone gains access to the user’s password, they would still need to have the same IP address used to access the account over the past three months to gain entry. This IP validation adds an additional layer of security to protect against unauthorized access.

Privacy and Security Challenges

Edge places a strong emphasis on privacy and does not collect personal information that can be used for identity verification. Instead, they rely on time as a security tool. IP validation is used to ensure that the user is accessing their account from a trusted device. If the user tries to log in from a different country or IP address, they would need to provide additional verification or wait for a specific amount of time before gaining access. This approach balances security and privacy concerns.

Frequently Asked Questions

1. Does Edge encrypt the keys stored on the device?

Yes, Edge encrypts the keys stored on the device to protect against unauthorized access. This ensures that even if someone gains physical access to the device, decrypting the keys becomes a significant challenge.

2. How does Edge protect against human error in self-custody?

Edge automatically encrypts all keys created within the wallet with the user’s credentials. These credentials serve as the primary encryption key, which Edge does not have access to. Additionally, Edge automatically backs up the encrypted keys, ensuring they are securely stored.

3. What measures does Edge take to balance security and privacy?

Edge implements a hybrid approach by combining encryption and cryptography as the primary layer of security with traditional client-server security models. They also use IP validation to ensure that the user is accessing their account from a trusted device. This approach allows Edge to maintain user privacy while providing robust security measures.

4. How does Edge handle IP validation for account access?

If a user tries to log in from a different country or IP address, Edge requires additional verification or imposes a waiting period before granting access. This helps protect against unauthorized access to the account.

5. Can Edge recover lost funds in case of human error?

Edge’s encryption and backup mechanisms help protect against human error. However, it’s important for users to securely store their backup credentials and ensure they can access them when needed. Edge cannot recover lost funds if the user loses their backup credentials.

Overall, Edge’s approach to security in self-custody addresses both external threats and human error. By encrypting keys on the device, implementing IP validation, and automatically encrypting and backing up keys, Edge provides users with a secure and user-friendly wallet solution.