TL;DR
-
The hardware wallet maker, Ledger, just announced ‘Ledger Recover,’ a $9.99 p/m subscription service, and folks are MAD about its potential security flaws.
-
Essentially, Ledger takes your password (aka ‘seed phrase’), and stores a backup of it for you, so if you lose your password – you can still access your crypto.
-
But the service requires you to provide ID, and the fear is: if someone can steal/acquire your ID, they can gain access to your crypto. Which is a valid concern!
-
BUT! You don’t have to subscribe to the Ledger Recover service – Ledger devices work just fine without it. Doing nothing in order to maintain higher security? Sounds good to us.
Full Story
If you’re not familiar with the folks over at Ledger, they make hardware wallets (these USB lookin’ things).
The company has gone to great lengths to position themselves as ‘the Apple of crypto,’ and for the most part – it’s worked!
Folks seem to love the company’s products (ourselves included).
…all products *except one*.
Ledger just announced ‘Ledger Recover,’ a $9.99 p/m subscription service.
Essentially, Ledger takes your password (aka ‘seed phrase’), splits it into three parts, and stores each piece across three separately owned databases.
(The idea being that storing across separate databases means that hackers need to do three times the work to access your seed phrase).
So if you lose your password, you now have a back up option – where Ledger retrieves/pieces your seed phrase back together and sends it over.
(Previously, the responsibility of password storage was on you – if you lost it, you lost your crypto).
Ok, seems logical. Why’re folks mad about it?
The service requires you to provide ID, and the fear is: if someone can steal/acquire your ID, they can gain access to your crypto.
And it’s a valid concern!
People get hacked all the time thanks to SIM swapping, which is when hackers call up telecom providers, provide stolen ID / credentials and get a SIM card with a targets mobile number on it.
They then use that number to change all of the victims passwords and access their accounts.
So, yeah…it feels like a pretty glaring security flaw.
But here’s where the argument finds a natural end point:
You don’t have to subscribe to the Ledger Recover service – Ledger devices work just fine without it.
Doing nothing in order to maintain higher security?
Sounds good to us ¯\_(ツ)_/¯