23 Mar 71% of cryptocurrency exchanges failed basic password security
A new research study shows that 71% of cryptocurrency exchanges are heading for a train wreck when it comes to password security.
The research report by Dashlane Inc, a New York City marketer of password-management software looked at password security for 35 leading cryptocurrency exchanges around the world.
Dashlane evaluated the digital exchanges on five key security criteria, including: a password of eight or more characters; a password including both letters and numbers; an onscreen indicator of the password’s strength; a confirmation email that omits stating the password in plain text; and any type of two-factor authentication.
Shocking security password security lapses
What Dashlane discovered was 71% of the world’s most popular exchanges leave their users exposed through weak password practices.
“Signing up for a cryptocurrency exchange is akin to signing up for a bank account,” states Emmanuel Schalit, CEO at Dashlane. “With your bank account, credit cards, bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front. The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry.”
The 10 exchanges that passed the security test included Bitcoin.de, BitMEX, BTCC, Cobinhood, Coinbase, Cryptopia, Gemini, Huobi, itBit and Paxful.
Password security problems
The password security problems fell into two key areas – dangerous password requirements and substandard security. 43% of exchanges allowed passwords of seven or fewer characters and 34% did not require alphanumeric combinations.
Fewer than 50% of cryptocurrency exchanges provide visual indications of password strength to help users ensure their security.
Who failed the security test?
Dashlane set five out of five stars as a pass level for password security. For business involve people’s money, this is not at all an unreasonable standard to expect.
The list of 25 exchanges who failed the test contained several of the biggest exchanges in the world with only four out of five stars including Binance, Bitfinex, BitStamp, Kraken and KuCoin.
Those with only three stars for their password security included Bit-Z, Coinmama, HitBTC and Localcoins.
Cryptocurrency exchanges with only two stars for password security included Changelly, Exmo, OKEx and surprisingly – Poloniex. Coinsbank with a woeful one star was the least secure of the 35 exchanges examined.
How to be more secure on cryptocurrency exchanges?
You’d think companies operating in the cryptocurrency, technology and financial space and handling customer money would have higher security standards?
Investors and consumers are also responsible for their own security in addition to that provided by any service provider.
Dashlane says the first step is to enable two-factor authentication. It also offers five tips to help consumers and investors be more secure. They’re common sense and shouldn’t even have to be mentioned, but here they are:
- -Use a unique password for every online account
- -Generate passwords that exceed the minimum of 8 characters
- -Create passwords with a mix of case-sensitive letters, numbers, and special symbols
- -Avoid using passwords that contain common phrases, slang, places, or names
- -Use a password manager to help generate, store, and manage your passwords.
This appalling lack of password security standards on cryptocurrency exchanges is easily remedied and users should choose their exchange based on higher standards of security.
The research study was carried out between March 12 and March 19, 2018. You can read more details and individual currency exchange rankings at Dashlane’s website.
Visuals: Flickr, courtesy George Thomas, Creative Commons License
Author: Jeff Domansky, Managing Editor