No passwords or keys for ZenGo crypto wallet with FaceTec biometrics
Cryptocurrency wallet ZenGo has been generating buzz in the fintech field recently with a security challenge and involvement in the early testing for Facebook’s Libra token. The traditional access control for cryptocurrency wallets requires users to apply their own security, storing their private key safely, ZenGo Co-founder and CEO Ouriel Ohayon told Biometric Update in an interview, an approach he says has now been proven ineffective.
Ohayon argues that ZenGo’s innovation in multi-party computation and zero-knowledge proofs is both more convenient for users and more secure, and biometric authentication enables the company to extend that combination of benefits for all processes.
“Instead of asking the users to be in charge of their own security, we are distributing the security of the system between them and us,” he explains. “The responsibility is split so that there is no single point of failure, but also we can assist them in orchestrating a more sophisticated security approach which exponentially reduces the risk of error or attack.”
The biometric authentication, liveness detection, and account recovery for the ZenGo wallet are all powered by FaceTec’s ZoOm, as announced earlier this year, which enables the wallet to use an innovative keyless security model FaceTec VP of Communications John Wojewidka tells Biometric Update simplifies account management yet is significantly more secure.
“Given the high-value nature of a digital wallet’s content, it was ZenGo’s top priority to safeguard accounts, regardless of the circumstances. Using ZoOm’s Certified Liveness Detection (CLD) capabilities for biometric account recovery allows only the ‘correct’ account holder to use their unique 3D FaceMap to access their account even if their device had been stolen or lost. Biometric recovery requires the account holder to be physically present and alive during account access preventing non-human artifacts – like photos, videos, masks and other 3D objects – from standing-in for the legitimate user, preventing bad actors from accessing and creating fake or synthetic accounts. Just as important, arcane keys will never have to be remembered or recorded. It also enables portable, or cross-device, authentication, whereby an account holder can enroll on one device and authenticate on any other device, even if it’s not their own.”
A holistic approach is necessary to protect digital assets, according to Wojewidka. He emphasizes the importance of liveness detection, particularly that has been certified by a sanctioned third party, as ZoOm has been with iBeta Level 1 and Level 2 presentation attack detection testing.
In replacing the traditional method of inputting a private key as part of the authentication process, ZenGo is also leveraging ZoOm to provide a passwordless login process.
“It’s probably the first ever of that nature not just in crypto but also in fintech,” Ohayon says.
Improving user experience and security makes the technology significantly easier to adopt by a broader market, according to Ohayon. He says crypto-wallets are generally not easy to use, even for him, and billions of dollars have already been lost from them due to errors and hacks.
ZenGo carefully architected its integration of FaceTec’s biometric capabilities to support its innovative application’s unique security requirements, Ohayon explains.
“There was some adaptation also because we had to find a secure way to store safely so that the user only can restore, not anyone else, including us. We had to make sure that there was a good security scheme, where the encryption key that is used for using FaceTec technology was stored on a cloud system that the user controls, and that is done in a way that is seamless and very secure.”
The integration work would have been necessary with any technology, but Ohayon says ZenGo was impressed by FaceTec’s track record, and calls it the best solution of its kind “in terms of software reliability, sophistication of security, scalability.”
Wojewidka also praises ZenGo, and tells Biometric Update that the partnership is important to FaceTec more in terms of its innovation, and what means to other potential customers, than as a first step specifically into the cryptocurrency market.
“ZenGo has developed what appears to be the first truly usable, mass-market digital wallet, which will allow nearly anyone to use it. This will surely help to allow more people to more quickly jump into cryptocurrency and digital assets,” Wojewidka says. “Both companies have been recognized for pushing technology and usability levels, and we’re only just getting started. If ZoOm can secure something with as much potential value as a crypto wallet, it can secure a huge range of access requirements from banking to healthcare to transportation to social media.”
In addition to the security and usability benefits Ohayon attributes to ZenGo’s approach, it also makes the wallet suitable for different kinds of data.
“MPC (multi-party computation) and blockchain enables us to support any kind of digital asset, not just bitcoin or Ethereum,” he explains.
That includes Facebook’s Libra. ZenGo has released a proof-of-concept for Libra, and says it is the first consumer-grade wallet to support Libra’s testnet implementation.
If ZenGo proves as secure from both hacks and lost keys as Ohayon and Wojewidka suggest, and as easy to use, biometrics may be on the verge of replacing passwords for cryptocurrency accounts, and cryptocurrency wallets may be about to become much more popular.