TL;DR
- Hardware wallet maker Ledger just announced “Ledger Recover,” a $9.99 p/m subscription service, and people are MAD about the potential security flaws.
- Essentially, Ledger takes your password (a.k.a. seed phrase) and stores a backup of it, so if you lose your password, you can still access your cryptocurrency.
- But the service requires you to provide ID, and the fear is, if someone can steal/obtain your ID, they can access your crypto. That is a valid concern!
- BUT! You don’t need to subscribe to the Ledger Recover service – Ledger devices work fine without it. Do nothing to maintain higher security? Sounds good to us.
Full story
If you’re not familiar with the folks at Ledger, they make hardware wallets (those USB-looking things).
The company has gone to great lengths to position itself as ‘the Apple of crypto’, and for the most part – it succeeded!
People seem to love the company’s products (including us).
…all products *except one*.
Ledger just announced Ledger Recover, a $9.99 p/m subscription service.
Essentially, Ledger takes your password (aka “seed phrase”), splits it into three parts, and stores each piece in three separate databases.
(The idea is that storing it in separate databases means hackers have to do three times the work to get access to your seed phrase).
So if you lose your password, you now have a backup option – where Ledger retrieves/shares and sends your seed phrase again.
(Previously, the responsibility for storing passwords was yours – if you lost it, you lost your cryptocurrency).
OK, seems logical. Why are people angry about it?
The service requires you to provide ID, and the fear is, if someone can steal/obtain your ID, they could gain access to your crypto.
And it is a valid concern!
People get hacked all the time thanks to SIM swapping, where hackers call telecom providers, provide stolen ID/credentials and get a SIM card with the target’s mobile number on it.
They then use that number to change all of the victim’s passwords and access their accounts.
So, yeah… it feels like a pretty glaring security flaw.
But here the argument finds a natural ending:
You don’t need to subscribe to the Ledger Recover service – Ledger devices work fine without it.
Do nothing to maintain higher security?
Sounds good to us ¯\_(ツ)_/¯