When designing software, it is often surprisingly difficult to make a product both secure and easy to use. Yet, that is exactly what we had in mind when we created VivoPay, a new crypto wallet for the Harmony One blockchain. Our seemingly contradicting goals were:
- Make it the most secure software wallet
- Make it as easy to use as Square Cash or Venmo, even for first-time crypto users
- Add support for cross-chain DeFi (in a later phase)
- Bring privacy and scalability to blockchain with a new type of smart contracts that can be run within the wallet (in a later phase)
In this blog post we’ll discuss how we made VivoPay super easy to use.
The key problem
In order to make VivoPay as easy to use as Square Cash or Venmo, we had to solve one of the biggest hurdles for first time crypto users: key management. During testing, we often heard questions like: What’s a key pair? Why do I have to write down these random words? What’s a recovery phrase anyway? (If you’re not familiar with these terms, see the VivoPay Introduction to Key Management).
We don’t know what percentage of first-time crypto users drop off before completing setting up their wallets, but we suspect it’s very high. CryptoKitties creator Bryce Bladon estimated that about 99 out of 100 potential CryptoKitties users dropped off before successfully buy a CryptoKitty. Granted, the wallet was only one step of many in the CryptoKitties on-boarding, and wallets have improved since then, but there is a long way to go before the churn is comparable to non-crypto on-boarding.
We believe VivoPay made a big step in making crypto wallets more accessible to first-time crypto users. Here’s how we did it:
How Other Wallets Solve Backup
We started by looking at how other wallets handled on-boarding. Specifically, how the wallets backed up the key. What kind of method did they use and how is it presented to the user? This is what we found:
- Trust Wallet was the most traditional wallet we looked at. It forces the user to write down a 12 word recovery phrase that “allows you to recover a wallet”, but doesn’t explain much more. This seems fine for experienced crypto users, but inadequate for first-time crypto users.
- In contrast, Celo’s Valora lets you create a new wallet without a backup. Valora will present popups to remind the user to backup the private key. If the user clicks on the popup, a series of info pages explains what a recovery phrase is (“a special kind of password”). This approach is more suited for first-time crypto users. However, the process is not entirely frictionless: the user need to understand the info pages, and writing down and securely storing the recovery phrase is a barrier.
- Coinbase Wallet (that’s the mobile wallet app owned by the exchange, not the exchange itself) also allows users to create a wallet without a backup and reminds the user to backup the wallet, just like Valora. But in contrast to Valora, Coinbase Wallet offers users two options to back up the wallet: either writing down a recovery phrase or to back up the wallet in a password-encrypted file, stored in the user’s personal cloud (e.g. iCloud or Google Drive).
- ZenGo is the only wallet we looked at that doesn’t use recovery phrases. In fact, ZenGo is the only wallet we looked at that doesn’t store the private key on the device at all. In fact, the private key is never generated. How does that work? Signing a transaction in ZenGo is multi-party computation (MPC). The result of two a two party computation is the signature of the transaction. The two parties are the ZenGo wallet the user uses and the ZenGo server. What happens if you lose the device? The solution is backing up a so called “decryption key” on the user’s personal cloud (Apple iCloud or Google Drive) and is encrypted using biometrics. The decryption key itself is useless, but it can be used (again in an MPC) to generate the wallet part of the MPC.
VivoPay Key Management
For VivoPay we chose to use the following onboarding and backup flow:
- We decided on a mandatory key backup at setup (instead of allowing the user to on-board without backup).
- During on-boarding, the user is presented with two options: Default or Advanced. The default is meant for first-time crypto users. The backup will be password encrypted en stored in iCloud (similar to Coinbase Wallet). With advanced, the user can back up the wallet using a traditional recovery phrase.
- Unlike Coinbase Wallet, VivoPay will never show the recovery phrase after a user chose to save the wallet in iCloud.
- Instead, if a first-time crypto user is ready to “upgrade” to a more secure recovery phrase backup, a new wallet will be created and all funds in the old wallet will be transferred automatically. This ensures the new wallet is as secure as possible.
Want to see our key management solution and experience VivoPay yourself? Sign up for updates and get notified when VivoPay becomes available.
Where to go next?
- Read How we Created an Insanely Secure Crypto Wallet
- Read VivoPay Introduction to Key Management
- Read the technical details in How VivoPay Leveraged the Secure Enclave and CryptoKit
- Read about the future of VivoPay’s Zero Knowledge Payment System
- Download the VivoPayEncryption demo app (requires iOS 14 and Xcode 12).
- Sign up for VivoPay updates
Thanks for proofreading and feedback:
- Ouriel Ohayon
Also Read: The Best Hardrawe wallets
How we Made VivoPay Crypto Wallet Super Easy to Use was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.