Coinbase's Siddharth Coelho-Prabhu announced on Tuesday, February 12, that Coinbase Wallet users can back up encrypted versions of their private key recovery phrases using Google Drive or iCloud. Coelho-Prabhu said the new feature is meant to provide "a safeguard for users."
With this cloud-based system, if somebody loses their device or fails to manually back up their 12-word recovery phrase, they can still gain access to their funds. They would simply use a password (that they chose) to pull their recovery phrase from their cloud account. However, the backup is only accessible via the Coinbase Wallet app.
Coelho-Prabhu maintains that, to preserve individuals' "privacy and control," Coinbase will not have access to users' funds or cloud backup passwords. Further, cloud backup is optional, meaning individuals who want to use the service must opt in to activate it.
Although Coinbase asserts that its new feature is for consumer protection, it hasn't taken long for redditors to criticize it, with one suggesting that such a backup system would incentivize hackers to attack Google Drive and iCloud. Another said the idea was "crazy and incredibly insecure," going on to describe the elaborate process they personally undertook to secure their private key.
Crypto Twitter had something to say as well. A Twitter user by the screen name of DJ Booth responded directly to Coinbase's announcement, saying that "encrypting [the recovery phrase] with a user chosen password is even worse" because people tend to forget strong passwords and often reuse passwords from other accounts.
Fear not, Coinbase users: The feature is optional. Still, it marks another attempt at allowing users to calibrate their crypto experience toward convenience. How much security they are ceding by doing so is up for debate.