Author Topic: A Bitcoin Security Paradox?  (Read 4250 times)
ebliever (OP)
March 17, 2015, 01:00:21 AM
 #41

http://www.coindesk.com/bitgo-update-expands-security-controls-for-consumers/

Multi-sig for individual users with BitGo. While regular folks may be slow to adopt it, I predict 2015 will see a marked drop in BTC losses among companies/exchanges/organizations as they migrate to multi-sig.

Couldn't happen too soon; an exchange I used up until a few weeks ago (Allcrypt) just announced their BTC wallet was emptied over the weekend. That's eerie because that's the 2nd time I've left an exchange shortly before it collapsed (Mintpal). And for that matter, I was able to profit in the chaos surrounding Cryptorush's end as well (lost $20 when it shut down, but profited several times that amount in the final day as people struggled to extract funds.)

There should be a more secure 2fa on withdrawals and account activity for platforms. Phishing and other issues will result in a lot of users getting hacked potentially even with insurance, it costs the business significant amounts. Google 2fa/sms/authy are all text based and generated on a time seed which is vulnerable to multiple attack vectors, any time you use a text based 2fa it's like typing a private key in. I wish more exchanges would use clef... public/private key crypto with anti-phishing.

http://sakurity.com/blog/2015/03/15/authy_bypass.html/

 Anyways, multi-sig should really be ubiquitous and I still don't understand why companies choose to keep all funds in one "hot wallet". It costs almost nothing to split funds amongst multiple wallets, and have distributed multi-sig keys. Sorry to hear you lost funds, I think this mass incompetence of putting all eggs in one basket with one key is ridiculous.

The main issue is that waiting for a withdrawal on an exchange is annoying and makes users worry. Without this mass hot wallet with direct access from the platform means wallets have to be cycled and requires more complex architecture. Simply put, the small players don't have the staff or development to protect customers in the same manner; a wallet provider adding this feature is per user and separate, while an exchange is one wallet or a few wallets for everyone.

Well, I dodged a number of bullets and only have the indirect hits (I call it shrapnel) from all the various scandals and thefts and altcoin scheming and so forth. I figure by most veterans' standards I've gotten off easy thus far. I picture the security situation at traditional institutions like banks is like a bucolic picture of a peaceful castle with tall walls and guards posted, with a few bandits lurking in the shadows of the forest in the background. With bitcoin the security situation is more like.... well, have you seen the movie The Two Towers? Remember the Battle of Helm's Deep?

I think we'll get things locked down. I really am optimistic. For one thing, people can negate 99%-99.9% of the risk now by employing prudent safeguards without much fuss or reliance on anyone else. This thread has been very helpful in that regard.

Luke 12:15-21

Ephesians 2:8-9
CreationLayer
March 17, 2015, 01:06:08 AM
 #42

On the simplest level I will say, only keep on an exchange what you are willing to risk at that time. Choose your preferred secure wallet provider, and move funds out accordingly to reduce risk.
