
Web3 CMO Stories
Get ready for some high-energy, no-BS conversations with top marketing leaders and tech entrepreneurs from every corner of the world. We’re diving deep into Web3, Crypto, Blockchain, AI, Digital Twins, and the Metaverse. It’s all about real insights and actionable strategies to keep you ahead of the game.
Supported by CoinDesk!
Web3 CMO Stories
How Secrets Vault Simplifies Security with Images: For Crypto and Beyond | S5 E01
Unlock the future of digital security with us as we chat with Gerard Cervelló, CEO, and Jordi Puiggalí, CTO of Secrets Vault. These two innovative minds promise to transform how we think about cybersecurity by leveraging visual cryptography to protect the seed phrases of crypto wallets.
Discover how their novel approach not only simplifies backup processes for Web3 users but also offers a robust alternative to traditional passwords by using images. The potential of this technology to revolutionize identity and access management is vast, and our conversation dives into its integration with existing security systems, providing a user-friendly and secure solution for managing digital credentials.
As we explore practical use cases, you'll hear firsthand accounts from beta testers about how Secrets Vault is already safeguarding crypto wallet information, financial accounts, and sensitive documents. Beyond just the technical details, Gerard and Jordi also share invaluable insights on building trust within communities, emphasizing transparency and expert validation.
They tackle cybersecurity myths and offer straightforward tips to enhance your digital safety. Plus, get a sneak peek into their exciting project, Secrets Vault, and why it could be the next big thing in digital protection.
Join us for this insightful episode and learn how to stay ahead in the evolving landscape of cybersecurity.
This episode was recorded through a Descript call on January 21, 2025. Read the blog article and show notes here: https://webdrie.net/how-secrets-vault-simplifies-security-with-images-for-crypto-and-beyond/
Discover RYO: the Web3 payment solution making crypto simple and secure for everyone. Featuring an expansive ecosystem with LIFE Wallet, Global Mall, and Japan’s first licensed Crypto ATM Network, RYO empowers your financial journey. Awarded 'Best Crypto Solution.'
One thing that I believe personally that will have an impact in cybersecurity in Web3 and Web2 will be the application of artificial intelligence to be more proactive in preventing and detecting issues. Because of that, guys, the cybersecurity criminals, are using these tools already.
Joeri:Hello everyone and welcome to the Web3 CMO Stories podcast. My name is Joeri Billast and I'm your podcast host, and today I'm really excited because I have two guests. We have Gerard Cervello, who is the CEO, and Jordi Puiggali, who is the CTO of Secrets Vault. Actually, I met those guys at the web summit in Lisbon. We really had directly a good connection and I'm happy to have you on the podcast. How are you today?
Gerard:Very good, it's good to be here, also really excited to be in your podcast.
Jordi:Yeah, sure.
Joeri:Yeah, guys, it's a pleasure to have you. For the people that don't know you, Secrets Vault really has an amazing solution. I heard about it at the WebS ummit. They have a solution to protect a seed phrase of a crypto wallet with an image. That's, in easy words, how I would say it as a marketer, guys. But, yeah, let's dive into the conversation the idea of Secrets Vault, Gerard, how did that come to life and what problem are you solving in the digital security space?
Gerard:Okay, that's a good question. In fact, it started with a problem for Web3 users how to protect or make simple backups of cheat phrases. Jordi and Michelle were thinking on different opportunities or projects to be done in this market and the first problem we found is, if I want to reach my sister not even my mother how I can simplify her life because she needs to get into you. Have a wallet backup, a cheater that will never fly. Jordi is an expert in cryptography and image processing. We came across the idea of combining advanced cryptography with processing images to provide a very simple but secure way to backup or protect digital information. That's the origin of Secret's world.
Joeri:Yes, thank you Gerard. Yeah, it sounds so logical, simple, but really solving a problem that's there in the space, of course, because people are worried about their seed phrases and they think it's really complex also, you know. But yeah, Jordi, what exactly is visual cryptography and why do you believe it's a game changer for digital security?
Jordi:okay, no, yes, visual cryptography, it's a branch of information security, but the main focus is how to use images for protecting information.
Jordi:A simple example is let's assume that you have an image that things are in red, other things in blue, and then you put a glass that has a blue filter red filter. When you put the red filter, you only see blue, and when you put the blue filter you see only the red part. So I'm hiding information depending on the filter I'm using, and this is a basic example. There are multiple ways for using virtual cryptography and in our case, we are just using images for extracting cryptographic information that we can use for protecting any type of digital asset. So we think that this will be a game changer, because now, for protecting any information, you are asked for providing long passwords and complex information, and we think that an image that has a lot of bits, it's something that is easy to remember for everybody and, at the same time, it's providing a high level of security, because you have a lot of information that allows you to protect what you want to protect.
Joeri:Absolutely. You make it sound so easy, Jordi. There is a lot of technology behind it. It's really, for me, something innovative Because in a world of passwords, biometrics, passkeys, you know there are different solutions on the market. I would say I have a question for Gerard. How does Secrets Vault stand out and provide a simpler alternative?
Gerard:Very good. So, basically, secrets Vault is like a complement or a replacement of passwords. As we say in our image Use an image, not a password, and why we are. As you say, there are many other solutions in security for protecting data or accessing systems that are typically user-friendly and very capable, but the reality is that in the last 60 years and for the foreseeable future, passwords will still be the most widely used mechanism for achieving this.
Gerard:Why? Because they are ubiquitous, they are very easy to be used in many different situations and legacy systems, new systems, and the main reason for my point of view is because they are very convenient, which means they are cheap. It's very cheap for a company to deploy a system or a tool that allows people to access, protect data. Right, then, our approach is how we can leverage all these benefits of passwords, but improving dramatically their weak point, which is usability, and this is the concept of the image. Instead of remembering what you already mentioned 15 random numbers, letters, symbols, passwords what is easier to remember? An image, a picture that I take, some memorable moment of my life or the life of my family, etc. And that's where we stand out and where we fit into this market, let's say, the life of my family, et cetera, and that's where we stand out and where we fit into this market.
Joeri:Let's say yeah, I can also imagine if it's you know 15 characters, but most people take a password of less characters than it's you know. They are solutions, softwares, hackers that try to hack it and so on. An image it says so much information in it. I would imagine you hear it also on the news major data breaches making headlines. So what are for you, Jordi? What are the biggest security threats businesses and individuals face today?
Jordi:Yeah, one of the main threats is account takeover and usually it's because people are using weak passwords, not only for authenticating but also for protecting their assets. An example is the wallets, and the main problem is that if someone takes this password, then can use or get access to all of your information, install your data, etc. Et cetera. So we think that one way for making more difficult for attackers to take the access, to take the account of someone is, instead of using a password, that maybe you can make passwords more complex, but the more complex is the password, then you have a second problem, but then you forget the password and then you block your account. Second problem that then you forget the password and then you block your account. So our idea is that we can use these images as a complement or substitute these passwords, so then for an attacker it's more difficult to know which is the image that you are using for getting access to your account and then store your information, rather than using standard passwords or any other thing.
Jordi:And we think that this is one of the advantages of what we are providing, because nowadays it doesn't matter that there are multiple ways for authenticating. But usernames and passwords still is there and will be there for a long time.
Joeri:Yeah and will be there for a long time. Yeah, so it's definitely. I think the message is clear. How to protect passwords? Sorry, yeah, maybe seed phase or something else with an image. Of course, we are here on the WebCMO Stories podcast, so from the standpoint of a marketer, an entrepreneur, it can also be interesting to protect their digital assets, their customer data. Do you have any comment on that, Gerard? How marketers and entrepreneurs could use visual cryptography.
Gerard:Sure, they just need to access our web app. They need to go to secretsballxyz and then they can start using our application that we've seen in beta. At the end of January it will be in production and it's very easy. You just need to register using some social login, another crypto wallet, or you register with your email and then you can start protecting any type of digital information. You want your seed traces, data about your customers, your account, your passwords, some critical documents, information. You want your seed phrases, data about your customers, your account, your passwords, some critical documents that you want to store and maybe later share with some loved ones. It's super simple. I recommend you go and in two minutes you are done.
Joeri:Yeah, depending who it is, you know, if it's for your personal, your private, I would say information or seed phrases or secrets that you have, you can protect them. Or you have a business or an entrepreneur, you can protect it with an image, but of course many businesses still rely on legacy security systems. So that's a questions for Jordi how does Secrets Vault integrate with existing infrastructure?
Jordi:Yeah, one of the ways that we are approaching this problem, especially with legacy systems, is that these systems relate usually on standard authentication mechanisms like a username and password. Some of them are just adding maybe a second factor for authenticating, and our idea is that we have two different approaches. With images, we can do two things. One is we can substitute passwords, so these legacy systems, instead of using a password, they can use our image. One other alternative is that you can use the image for protecting the password. Maybe you cannot change the mechanism for authenticating in these legacy systems they still need to relay on passwords but maybe you can use long passwords.
Jordi:That is the main problem, the main usability problem that this system has, that people then need to remember long passwords and protect this password with the image, so you only need to remember the image. From the image, we can recover this password and then the password is used for login. It's like a password manager, but instead of using another password for protecting your password, you can use an image. That may be simpler and then it can be even stronger, because even for password managers, if someone gets your password, they can get access to all your passwords, and here you can use something that is more complex from breaking from the security point of view and it's easier for users to remember yeah, in general, lots of people maybe that are not in crypto, but they are just, you know, using the same password, easy password, everywhere, which is a big risk, of course.
Joeri:So then, using a system like Secrets Vault could really be a step in a good direction. Now, yeah, I want to talk about also identity and access management. Web3 plays a role in the future of identity and access management. And, yeah, Gerard, how the Secrets Vault align.
Gerard:We can expand this for many hours, but let's see if we can summarize it. So, on identity, Web3, from our point of view, will play a big role in identity for managing in a centralized way personal identities or entity identities. Now, this is very centralized on governments, but there are a lot of interoperability issues and there are different standards and proposals to at the end, people have a type of wallet wallet that is a wallet where you just you just don't just store your crypto assets. You store your identity documents and other parameters associated to your life, your studies, your whatever right. In this case, secret work can be very useful for backing up this data. Again, it's another type of wallet that you need to protect, that you need to manage, and, and then it's easier to just manage it with an image that you need to protect, that you need to manage, and then it's easier to just manage it with an image that allows you to recover the access to the wallet. It only happens In terms of authentication.
Gerard:Web3 brings different solutions. We think one is providing a very transparent track log of what is doing people, but this is something that can be also decentralized. More than decentralized, it can be transparent using blockchain technology. But the other thing is that, again, with wallets, you are having crypto keys that can be used for a strong authentication, but that will not just be enough, so you will need multi-factor authentication mechanisms and alternatives where, again, secret work can bring value. You can use images as another factor of authentication when you log in a system. You can use images as another factor of authentication when you log in a system, and it's much easier to remember how to operate than looking for a code in an application that changes every minute.
Joeri:So there are many, many, many use cases that we can bring value with Secrets Vault in this identity and authentication market. That is coming Right. Yeah, identity, identity management, identity Web3, really important. But yeah, we mentioned already it's a really easy way for password management and you protect yourself better. But maybe for our listeners are there typical use cases, Gerard, where you see visual safeguard, you know making the most impact.
Gerard:Yes, and we have some. As I mentioned, we have been in three months in our beta version, so we got feedback from different beta testers of what they achieved or what they found right. One of the main use cases is backing up wallets, crypto wallet information, but not just crypto wallet information. Sometimes it's financial information. We got a case where a person told us that he had an account in a betting website that his wife was not aware of. He didn't want she to know today, but in the future, maybe, if something happened to him, he wanted his wife to get access to his money. So he said, oh, I can protect my seed phrase, I can backup my access to this account, I can configure that if something happens to me, my wife will get access to these systems. So we were then envisioned this originally, but that was a curious case of protecting access to digital assets at the end, or to wealth.
Gerard:Another curious use case we got is people protecting passwords and obviously sensitive for important documents for the family. We got a family that they had different things written down in a piece of paper and real case, the dog ate or have tore apart the paper, but just maybe three days ago, four days ago. They had put a photo of this as a secret, to be stored in a secret vault as a test, and they say, wow, luckily we have done this. We use a picture of one of the family cat that was sent by WhatsApp to the rest of the family members. So at the end, recovering this was nothing. It was recovering the image from the WhatsApp, going to the application and printing again that piece of paper. That was a picture that they have taken. So there are many use cases that go beyond original intent of crypto wallet backup and I think we will see more and more use cases of these different things.
Joeri:Absolutely. When you are launching, we will hear more and more stories from people using it, but I think those two stories are already something that people can really imagine. Yeah, lots of people have a dog. I actually have two bunnies here and they can also eat stuff. You know, they can eat books and so on. So, yeah, that's, that's really something I think people can imagine, and it's better to be safe than sorry, like you always say. Now, yeah, I would say yeah in general, when we talk about security mostly, and usability, those things are opposite, opposite, right, so they often clash with each other. So then I'm wondering how the Secrets Vault balance so security on the one side, usability on the other side, to have the best user experience.
Gerard:I'm talking a lot. This is for you, okay.
Jordi:Now I think that what is important is what I said before, that at the end, the most security or the most complex the security becomes, then the more larger are the password and more difficult to remember. And just to show, just to compare how it works in passwords and in images a password, for instance a letter, is equivalent to eight bits of information. So do you have eight bits of security with a password? But if you think about a picture, a pixel of a picture, you have three colors and each color is eight bits. So you are multiplying by three, just only with one pixel compared with one letter. So if you start to think about a picture that maybe you have 10 megapixels, then you have 10 millions of bits, that is, more than 10 millions of letters.
Jordi:So what is important here is that the security is demanding larger passwords for making more complex to break the system. The problem is that the larger the password, the more complex it's for the user to remember this password. But with an image you have large, larger information that is easier to remember because it's a picture, it's something visual. So if you can substitute these long passwords with an image, you are improving from the point of view of security because you have more bits of security but at the same time you're improving from the point of view of usability. It's easy to remember an image that may be 1,000 password letters and maybe you have the equivalent from the security. Point of usability. It's easy to remember an image that may be 1,000 password letters and maybe you have the equivalent from the security point of view.
Gerard:Yeah, let me add something, Joeri, the other day I was in the radio and some family members and friends listened to me and they say, wow, it sounded very easy, I can do that. People that are asking me sometimes how to add or remove an application from the phone they are the techie guy in the family how this works so they say, oh, I didn't know, it was so easy On my side, for my side didn't explain that, but that usability or simplicity, is key in our system.
Gerard:And we are seeing that with the beta testers.
Joeri:Yeah, yeah, I love that. So actually, a lot of things are happening today in the crypto space, Lots of innovation and trends all the time. For me, this is really something unique that I've seen. But are there maybe one of you guys can answer, or you can both answer but are there certain innovations or trends that you see in the cybersecurity landscape, be it in Web3 or outside of Web3?
Jordi:Okay, this time.
Gerard:Well, there are many innovations that to Web3 are coming, innovations that were common in Web2. Antiviruses, systems to protect infrastructures that were not usual. Obviously, we have the typical web 3 or unique web 3 security measures like scanning and checking the security of smart contracts, validating the transactions before they are done to avoid being scanned, but they are progressing. They have been there maybe for two, three years, four years, but they are progressing. They have been there maybe for two, three years, four years, but they are still not mature enough to be easy to use and massive.
Gerard:One thing that I believe personally that will have an impact in cybersecurity in Web 3 and Web 2 will be the application of artificial intelligence to be more proactive in preventing and detecting issues, because the bad guys, the cybersecurity criminals, are using these tools already for figuring out new type of attacks and infiltrating and hiding their tracks to typical tools. So there will be a it's always a race. Sometimes one will be ahead of the other, but I know of many companies that are applying artificial intelligence to improve the real-time detection of this type of attacks and mitigation. That will be my contribution to this point.
Jordi:Yes, because in the Web3, if I'm not wrong, last year it was reported more than $2 billion stolen by attackers, and the main objective that they have is try to think or break smart contracts. While witnessing the smart contracts that they can use for moving digital assets or cryptocurrency to other accounts or breaking into the wallets of the users, the innovation is going, how they can prevent this. One thing is, as you are saying, artificial intelligence, so they can analyze the different transactions in the blockchain just to see suspicious behaviors that are possible in attacks and they try to stop these transactions. They can notify with the owner of the wallet so they can stop that this could happen and move the remaining assets that they have to another place.
Jordi:Or, for instance, how they can improve the security of their wallets that someone cannot stall the keys of their wallets and then can use it for making these transfers, and one of the innovations that we are working in this case is how we can protect their wallets with images instead of seed phrases, because one of the typical attacks is that someone has the seed phrase stored somewhere, maybe in Google Drive. Someone takes the account of Google Drive of this person, sees this phrase, reconstruct the wallet and then install all the different ways. There are innovation. Now it's going to these different parts of how to stop attacks against weaknesses in the smart contracts and how they can protect better the access to the wallet.
Joeri:Yeah, protect, better the access to the wallet. Yeah, now, I love the solution too in this case, because no one will know which image you use to protect your seed phrase. That's something that you only know, or maybe your family members or maybe you know it. And so if you click on the wrong link like, or you send, you know there are so many scams out there and they are on your computer, but they don't know about the image. So then you know they are still. You're still safe on that side. So that I love there are so many scams and they're getting better and better. You mentioned AI. You know this doesn't help. You know this does help the scammers. I would say so maybe talk about maybe some misconceptions that people have about cybersecurity. Are they maybe some misconceptions? And maybe how can people shift their mindset?
Gerard:let's talk about two. One is big one. The first one that a lot of people tell us, but have been for many years, is this will never happen to me because I am nobody, so hackers will never pay attention to what I am doing because I am an individual. That's false. It's a false conception because hackers really don't know about you, but they are using a lot of automated tools. What they do is they launch attacks, what they are called spray and break. They are scanning, testing everything with automatic tools, and when they find some hole, they just get into the hole and try to do things like scanning your computer to see if they find passwords, if they find seed phrases, and all this is done automatically. So it doesn't matter if you have $1 in your accounts or $10 million. You are in the same situation for these guys.
Gerard:So it's very important that then you pay attention and educate yourself on cybersecurity. You do what we call common sense things. Use an antivirus. Don't click on links or smelly places. If you don't know this email or sounds odd, don't click on it. You get a message from somebody that you don't know. Be cautious. If something is too good to be real, probably it's a scam, so don't go after that. That's common sense. So that would be the main point for me, for the people.
Gerard:Another thing that is more linked to Web3 is that we have found many people that believe that having a hardware wallet solves all their problems. Hardware wallets are good because they reduce a lot the potential of being hacked, of being stolen, but again, it's a device that holds your seed phrase. So if you lose the device, you lose access to your assets. So we are educating many people more than I expected, to be honest, that it's good that you have the hardware wallet, but you need a backup system. So Secrets Vault is's good that you have the hardware wallet, but you need a backup system. So SecretBall is a complement. You have the hardware wallet to prevent hacking, but you have SecretBall to have a backup, an easy backup, of your assets. So the combination of both is what gives you the higher resilience, let's say to don't miss or lose your assets.
Joeri:Yeah, so it gives you a good feeling of security. Indeed, I love the misconceptions that you mentioned, because a hardware wallet does not protect for everything. Now, as entrepreneurs and as tech leaders, what advice would you give to marketers looking to build trust and security in their communities? Gerard, and, if you want, Jordi, you may also add your thought, but I would like to hear Gerard answer.
Gerard:Okay, why don't we say there are a few things that you can do that are, again, common sense? First of all, be honest with your audience. Deliver what you promise to deliver. That will help you to really gain the trust from your audience. Then you need to adapt your message to the level of knowledge of your audience about what you are doing. In our case, to be honest, it has been difficult. We are cryptographers.
Gerard:We are cybersecurity guys and we need to adapt all the complexities, simplify it, because the majority of people are saying my sister or my mother will not understand it, but they need to use it. So I would say this be honest on what you say, deliver what you promise, adapt your message to your audience and then you will get trust. Slowly, but continuously, you will get the trust of the community.
Jordi:Yeah, in my case, I'm coming more from the technical part. Let's say that we have two different audiences. We have the final user that usually is not an expert on cryptography or security, and then you need to give them an easy message that they understand that this is where they have more experience.
Jordi:And then I have also the other parties are the experts, because they are also important. In case that you are providing something that is secure, you need also to be validated by experts. And in this case we are also working with security experts, with academics, because it's also important, especially on cryptography. And then this also gives you more confidence that what you are doing is just not only a crazy idea, that you think that is secure, that you have also a community of experts that support this idea, that is not something that you are just only marketing, but you also have experts. That, in case that someone say I want to evaluate what you are doing and suddenly say it's full of problems, that then you don't realize that maybe the community is saying that it's not secure because you don't start first or you don't also include them on this evaluation. So I think that this looking for a balance of these two different audiences is when you can achieve this confidence.
Joeri:Awesome. Well, thank you so much, Gerard and Jordi, to shed a light on all of my questions, and I love the way that you see that you're used to speaking in public and maybe or to come on the radio even to answer to the question and to really give information for the audience. So now, people listening. When this podcast episode comes out, it's around the time that you will be launching your new product. If people are interested, you know where would you like me to send them?
Gerard:Send them to our website, secretsballxyz, and they will see all the information about the project, the security, et cetera, and from there they will be able to access the application.
Jordi:And even if they want to learn more about the security of what they are doing. Also, the information is there. So everything is there for every kind of audience absolutely so.
Joeri:Yeah, I would advise you listeners to to check out the website because, yeah, of course you can can register over there, but also all the information, because I checked out the website, I've seen all the information, everything that Jordi has already done in the past, all the certificates that you have, also the background of Gerard. You know both experienced entrepreneurs. Be sure to check out their website. Well, Gerard and Jordi, it was really a pleasure to have you on the show.
Gerard:It has been a pleasure to be here. I hope that in one year we can talk again and talk about the progress and the new cases we get from users, how they are using the system and new cats and dogs.
Jordi:It has been a pleasure Thanks.
Joeri:Guys, you see what an amazing episode with a lot of value. You know, with entrepreneurs with a lot of experience who are building something new, are really excited about this project. So if you think that this episode is useful for people around you, if Secrets Fold can help people around you, be sure to share this episode with them. If you're not yet following the show, as I always say, this is a really good moment to do this. If you haven't given me a review yet, if you give me these five stars, this will help me reach an even bigger audience and, of course, I would like to see you back next time. Take care.