Security is a major issue concerning digital wallets. A digital wallet hosts our identity, digital assets, certifications, health data and so many other types of information. This information is sensitive and valuable to us. It is important that we are the only ones who have access to it and we have methods to ensure that if we lose access to a device we will not lose all our information. The same broad security concerns about the wallet in our pocket apply to a digital wallet. We don't want to lose it. We don't want it to fall into the wrong person's hands. The advantage of a digital wallet over a physical wallet is that we don not lose the keys that protect our security if our phone falls into the wrong person's hands. If someone gets our physical wallet, they can abuse our credit cards, identifications and cash. With a digital wallet, it is locked and we are the key.
With Bitcoin, our private keys are basically the passwords that allow us to move our money. It is bad if our money is lost or stolen, but it can be much worse if our identity is stolen (lost identity can bes used to create fake IDs).
The digital wallet will allow us to store certificates and keys for all sorts of different services so we can securely authenticate our identities and interact with them. We can ensure that only us have access to our digital wallet using a variety of authentication methods. We can use passwords, PINS, fingerprints, biometrics, facial scans and other more complicated measures. There are ways of authenticating ourselves that make use of what are called Unique Dynamic Identifiers. A fingerprint is a biometric identifier but it is static. We are the only one who has our fingerprint and does not change, but because it doesn't change, someone could theoretically copy our fingerprint and use it to falsely authenticate a service. We can make it additionally secure if we combine it with a PIN or password. But PINs and passwords are problematic because we can forget them or they can be captured by key-loggers and viruses. We already have enough services requiring unique PINs and passwords and most people reuse or use similar ones just to be able to remember them all.
A major part of the problem with security is the centralization of data. When all information is stored in one place, it is a more valuable target for hacking. Hackers will try to crack even the most impressive security system because the reward is access to many people's data,centralization of data is like a honey-pot of data for hackers. Decentralizing data will finish these incentives. If they (hackers) have to put a lot of work into hacking a system and the result is only a single person's data, it will hardly be worth their time to hack people's accounts. This is the lesson to be learned from the cases of Home Depot, Equifax, Facebook, Cambridge Analytica and countless others. When we distribute and become the owners of our data, we will be in charge of our keys.
There are many different approaches to security. There's local storage, which means the information is stored on the device itself, but this can be problematic if we lose our device. There are wallets that provide a backup seed phrase (also called Recovery Key, Master Key-phrase) that acts as our master key just in case we lose our device. In this case, we need to write a sequence of words down in a secure place (on paper or anything) and ensure that it does not fall into the wrong hands. With a master seed phrase, we can install a wallet on a new device and enter the master phrase which will then recover the private keys stored in that wallet. This is effective when we are holding crypto-currencies, but it becomes more difficult when we are hosting all sorts of different information including digital identities, transaction logs, passwords, credentials, contacts, stocks, bonds etc. The main threat is if your backup seed phrase falls into the wrong hands you can be compromised completely.
So how do we have the best solution? The one way is to encourage competition so that the best solutions emerge. There are many security and authentication services and approaches on the market. An open and competitive wallet platform involves not relying on a single security service or technology for the wallet but rather allowing people to choose from a wide variety of different services. If we feel confident in SMS verification, we can use that. If we want fingerprints or some other biometric, we can use that. The open approach will also allow for the community to validate and recommend the best solutions to ensure that we are the only ones able to access our wallet.
In future, it will be possible to buy wristbands, rings and other wearables that can act as authenticators based on our heartbeat. Headbands or smart glasses could be outfitted with a ECG built in that measures our brain waves. Brainwaves and heartbeats are known as Unique Dynamic Identifiers (UDI), meaning they are not constant. They do not stay the same, but they are unique to each person, so we can always verify our identity based on them. UDIs represent a major improvement over a Static Unique Identifier, which is something like a fingerprint our fingerprint does not change, making it copyable, but the way our brain operates, the way we walk or talk or breathe, the way our heart beats, those things cannot be replicated so easily but can be used to authenticate us.
Now, how do we make sure that we can have keys on devices that could be lost or stolen and still be secure ?
One possibility that is being explored is using decentralized storage solutions. Services such as IPFS or Filecoin aim to allow us to store a secure encrypted file in a distributed fashion.
When we log in to our wallet, we could be able to pull down this encrypted file and then it will be up to the authentication mechanism we have chosen for our wallet to unlock it and provide access to the keys. This will ensure that if we lose all our devices, we'll still be able to recover all the information that's contained in our digital wallet.
How do we guarantee the security of these systems?
We need to encourage competition between authentication services to ensure that the companies that provide these services are always working to improve the security of their products.
So, after all these things - you can decide which method is more secure and which one is less secure and there are wallets available in all those categories. Now, you choose your wallet by keeping the discussed points in your mind.
Link to Answer : https://www.quora.com/Are-digital-wallets-more-secure-or-not/answer/Rajesh-Prajapati-71