Jaxx Wallet Vulnerability - Is it really a vulnerability...

in #jaxx, 7 years ago (edited)

This conversation has a long history and this isn't the first time this information has been covered. It's just the first time many of you not exposed to the InfoSec world have heard it.


https://jaxx.io/

It is indeed true: the Jaxx Wallet is stored unencrypted on the local device - in layman's terms, anyway.

If someone had access to your device and/or hacked your device, you indeed are vulnerable. OMG!!!!

In reality, if someone who intends to steal from you has access to your device, or a hacker pwns your device, you're going to be robbed either way. Let me write that more clearly and concisely - once your device is pwn'd, the hacker has already won, no matter what wallet you are using... This is very important to understand.

It's vastly more important to secure the device that your wallet is installed on than to worry about using the most secure wallet on the marketplace. I'm not saying that an impenetrable device (which doesn't exist...) allows you to use just any old wallet with a sense of security - there have been and will be more wallets that scam and steal from you. That being said, using the most secure wallet on planet earth on an old Windows XP machine is, arguably, just as bad if not worse.

The two most important things to do:

Don't allow people you wouldn't trust to access your devices - think of your device as a pile of fiat currency that equates to the total balance of cryptocurrency in your wallet. If you don't trust them to take that fiat money, you shouldn't trust them to use your device.

Make sure you are using the latest and greatest software. Upgrade and patch your OS (you should be using Windows 10, def not Windows XP, kind of thing...). Upgrade and patch all of the software installed on your PC regularly - keep up to date with patches because those patches are plugging security vulnerabilities. Uninstall any applications you are not using; removing these apps reduces your attack surface.

The idea that wallets are not secure is the same argument that many have made concerning encrypted text messaging apps on phones/PCs that only encrypt text message communications, not the communications saved on the device. Correct, you should be securing the device you are sending from and deleting your history. I'm not arguing that locally encrypted data isn't a good thing that we shouldn't desire and demand, but I am saying it's a bit irresponsible to say Jaxx is insecure and not to be trusted with your cryptocurrency.

Jaxx developers have expressed satisfaction with the security of their solution. Here are their responses to the current uproar:

Here are more responses, plus a comment from Mr Charlie Shrem:

Decide for yourself - bottom line, you should be using a hard wallet to store any significant amounts of cryptocurrency, not a software wallet...
