Michal Wendrowski is an online marketing, internet security specialist and the founder of Rublon. His first online venture was already profitable in 1999 when he was 11 years old. He created websites in German, English and Polish, which generated over ten million page views per month.
Over the course of several years in the domain name business, he took over more than 1000 domain names and created CenyDomen.pl, a website that aggregates sales of Polish domain names. Having gathered valuable experiences in Germany and the United States, he returned to Poland to concentrate on innovating the Internet.
Rublon is an internet security layer that protects users against intruders who have discovered their passwords and is being used by hundreds of web systems from over 24 countries including companies such as BitBay.
Michal bought his first bitcoins on BitBay in 2014. Michal is also an active propagator of Bitcoin at technology conferences and meet-ups. He is also the organizer of Bitcoin Day in Poland.
-Mr. Michal Wendrowski
Cointelegraph: How did you get into Internet Security and Bitcoin in general?
Michal Wendrowski: The more active I was on the Internet, the more of a hassle it became for me to authenticate to all the web apps I've been using. The need of having a different and complicated password for each web account makes it impossible to remember all your login credentials. Password managers look like a solution to this problem, but you're creating a single point of failure if you use them — they still require a master password to unlock all your other passwords.
Using them is also a burden if you want to access your accounts from different devices, especially mobile ones. Logging in was a pain for me, so I started to work on a solution that could make authentication on the web easier, but also more secure. This led me to creating a cryptographic authentication algorithm that uses your mobile phone as your private key, which allows you to log in by simply scanning a QR code.
The original idea was to replace passwords altogether, but later I understood that the right way to improve authentication is to introduce another layer of security — a second factor (something you have). This is how Rublon was born.
Eventually it was Rublon that led me to Bitcoin. A few months ago, we organized a small Bitcoin meetup at our headquarters with the help of our local university. BitBay, the Bitcoin and Litecoin exchange, got interested in our initiative and decided that it wants to connect its system to Rublon because it's the easiest two-factor authentication solution they've ever seen. Since then, we've been working together with the goal to build the best authentication solution for the Bitcoin community.
CT: Rublon has been described as an “internet security layer” to users. Could you briefly explain how it works?
MW: Rublon protects your online accounts against intruders who found out your passwords and even against those who have infected your computer. It is a cloud-based internet security layer that protects every user of any web application that is connected to Rublon via our API.
Whenever you log in from a new device, Rublon will ask you to confirm your identity before it lets you access your account. Rublon can be also put to use to confirm operations, like changing your email address or password or for example if you want to sell or transfer BTC. This protects your account and BTC even if your computer got infected.
By default, Rublon communicates with you via email. This means that as a user of a web app that is connected to Rublon, you are protected automatically, without having to register with Rublon. If you care about security, we strongly recommend to download our mobile app though. Any login or operation confirmation will then switch from email to the Rublon mobile app on your phone (available for Android, iPhone, BlackBerry, Windows Phone).
We are launching the Rublon internet security layer on BitBay in the upcoming weeks. For now, you can check out a demo of the basic Rublon account protection at www.pagechimp.com and find out more at www.rublon.com. We also offer plugins for WordPress, Drupal, Magento, OpenCart and PrestaShop.
CT: As a security expert, could you tell us what the biggest threats are to cryptocurrencies right now?
MW: Cryptocurrencies, especially Bitcoin, can provide very high levels of security if used correctly. The emphasis is on "if used correctly".
When we look at mass adoption, we cannot expect most Internet users to store their Bitcoin in a highly secure manner themselves. Secure private key management is not easy and requires know-how that most users don't possess. This is why I believe that online wallets like Coinbase are going to play a very important role in the Bitcoin economy — they make it fairly easy to store and manage your Bitcoin even if you don't know much about IT security and cryptography.
Two-factor authentication and operation confirmations are a must here. I also believe that multi-signature wallets will become an industry standard if we'll make them easy to use. Until that happens, we will have to trust our online wallet providers and exchanges that the security measures they implemented are strong enough.
CT: Do you think cybercrime will increase concurrently with the growth of the Bitcoin economy?
MW: Bitcoin hugely incentivizes computer hacking. The sophistication levels of the Bitcoin heists are astonishing. It was recently revealed that an attacker redirected traffic from 19 ISPs to steal BTC from mining operations. This was done using a technique called BGP hijacking, which almost never happens otherwise.
In 2012, 47 thousand bitcoins were stolen through an internal infrastructure compromise of a popular cloud service provider, which means that attackers gained root access to any of its customers' VMs. Botnets are being put to use to mine for Litecoin. Researchers recently demonstrated that setting up trial accounts with cloud hosting providers and then exploiting them for Litecoin mining is quite a profitable operation (and may be even legal in some cases).
Today there is probably no better incentive to create and deploy malware than Bitcoin. The same goes for finding and exploiting software vulnerabilities and login credentials, which are being sold in exchange for Bitcoin because it makes selling this kind of stuff easier, faster and safer. It's a tough road ahead of us, but I believe that ultimately Bitcoin will make the Internet much more secure and robust, which is a very good thing. We can already see that people involved in Bitcoin are much more aware of security best practices than the average Internet user.
CT: Will we see 3+ factor authentication in the future or will more sophisticated means of security emerge such as Biometrics?
MW: Authentication mechanisms that employ three or more factors definitely have their use cases in certain environments. I do not believe that we will see three-factor authentication becoming a norm on the Internet anytime soon.
Right now most web apps don't even support two-factor authentication. Many Internet users still don't even know what this is and what it's good for. I do believe that two-factor authentication will become a standard on the Internet in the upcoming years, but only with a solution that users will be willing to adopt. The currently most popular mechanism that is based on the time-based, one-time password algorithm is certainly not going to become widely adopted because it creates too much friction.
Biometrics is a very interesting topic and I believe that mobile phone manufacturers are going to play a major role here with fingerprint sensors. Apple and Samsung are doing great work here. The next version of iOS will allow developers to make use of this technology, so we're also going to implement it in the Rublon mobile app for iPhone. Combining such a seamless fingerprint sensor with cryptography and passwords is going to result in a very strong security solution.
CT: As you already mentioned, cybercrime is on the rise due to the lucrative opportunities presented by digital currencies. How have you been preparing for this? Do you have any interesting projects in the works?
MW: We believe that the future of cryptocurrencies is in cloud-based wallets, so we're concentrating on building security solutions that will allow these providers to keep their users' accounts and wallets safe.