Dashlane, an application that manages passwords and digital wallets, has discovered that cryptocurrency exchange security is far weaker than that of most large tech companies: over 70 percent of crypto exchanges leave users’ accounts exposed to fraud and financial theft due to “unsafe password practices.”
Dashlane’s first annual Cryptocurrency Exchange Password Power Rankings are a wake-up call for the industry.
There’s no doubt that users should refrain from keeping coins in a hot wallet on an unregulated exchange. Their wallets are only as secure as the exchange’s security, which in the past has proved… consequential (consider the Coincheck and Mt Gox incidents).
Cryptocurrency exchanges, however, should be responsible for providing minimum security standards, especially when it comes to secure password checks.
“Signing up for a cryptocurrency exchange is akin to signing up for a bank account,” said Emmanuel Schalit, CEO at Dashlane. “With your bank account, credit cards, Bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front. The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry.”
2018 Cryptocurrency Exchange Power Rankings
The New York-based company examined the password and account security of the 35 most popular cryptocurrency exchanges in the world from March 12-19, 2018. They ranked each cryptocurrency exchange based on five critical password and account security criteria. A website received one point for each criterion it met. The highest and passing score is 5 out of 5. Any cryptocurrency exchange with a score lower than 5 is not meeting the minimum threshold for strong password security.
How did your favorite exchange perform?
Critical Cryptocurrency Exchange Security Lapses
Unfortunately, cryptocurrency exchange security at leading companies like Binance, Bitfinex and Kraken failed Dashlane’s test. They failed to provide “adequate password and account safeguards for their users.” These inadequacies leave the millions of people who currently hold cryptocurrencies in the exchanges’ hot wallets at great risk.
Dashlane noted that many exchanges had dangerous password requirements.
- 43 percent allowed users to create passwords with seven or fewer characters while 34 percent did not require alphanumeric passwords.
- On some websites, the researchers could even create extremely weak and typical passwords like “12345” and “password” and in one instance, a password with the letter “a.”
- Half of the exchanges did not even provide users with a password strength assessment tool during the account setup process.
The company noted that, in comparison to the Dashlane 2017 ranking of leading consumer sites, cryptocurrency exchange security performed very poorly. Only 36 percent of leading tech companies like Apple, Facebook, and PayPal failed the test, which is roughly half of the 71 percent of cryptocurrency exchanges that did not pass.
The lack of security is ironic. “For an industry that prides itself in cybersecurity innovations, the cryptocurrency exchanges are much weaker when it comes to password security than the average mainstream website,” explains Dashlane in its findings.
Can Blockchain Eliminate The Need For Passwords?
According to MIT Technology Review, “many technologists think blockchains can revolutionize how we keep track of our identities.” Unfortunately, centralized cryptocurrency exchange security is protecting institutions that hold repositories of identifying information. While the trading of Bitcoin and other cryptocurrencies occurs on a decentralized blockchain network, perhaps the key to a safe online identity is a blockchain network that can specifically manage digital identities.
Another alternative is currently one of the hottest themes in cryptocurrency – the so-called ‘decentralized exchange’ or DEX. Although still subject to the user’s skill (or lack thereof) in creating a password, a DEX should theoretically be immune from the kind of large-scale heists that have plagued some centralized exchanges. Binance is exploring decentralization, while highly-anticipated startups such as NEX and Themis are promising to disrupt the exchange model further.
Evernym, a startup that’s developing self-sovereign identities, believes that a “digital identity that is permanent, portable, private, and completely secure” is “inevitable” and will solve the online problems concerning identity fraud, password hacks and lax security. It will, however, be a while until this technology becomes widely available and implemented. In the meantime, it’s best to ensure that everyone improves their online security.
What can you do to secure your password?
As mentioned by Dashlane, you can secure your online accounts by using a unique password for each online account, generating passwords that are more than 8 characters long, including a mix of case-sensitive letters, numbers, and special symbols, avoiding common phrases, and enabling two-factor authentication.
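The same rules can be enforced by an exchange at sign-up, so that passwords like the ones the researchers registered are refused. The following is an added example, not code from Dashlane or any exchange; the function name `password_failures`, the rule labels and the short `COMMON_PASSWORDS` sample list are assumptions made for illustration.

```python
import re

# Constructed sample deny-list (assumption); a production check would load a
# large list of known-breached passwords instead of these few entries.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}

MIN_LENGTH = 9  # "more than 8 characters", as advised in the article


def password_failures(candidate: str) -> list[str]:
    """Return the rules the candidate violates; an empty list means accepted."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too_short")
    if not re.search(r"[a-z]", candidate):
        failures.append("no_lowercase")
    if not re.search(r"[A-Z]", candidate):
        failures.append("no_uppercase")
    if not re.search(r"[0-9]", candidate):
        failures.append("no_digit")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        failures.append("no_symbol")
    # Composition rules alone are not enough: "Password123!" passes all of the
    # checks above. Lower-case the candidate and strip trailing digits and
    # symbols so decorated variants of a common password are still caught.
    lowered = candidate.lower()
    core = re.sub(r"[^a-z]+$", "", lowered)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        failures.append("common_password")
    return failures


if __name__ == "__main__":
    # The first three are the passwords the article says some exchanges accepted.
    for sample in ["12345", "password", "a", "Password123!", "t7#Vq!mZ2&rL"]:
        print(f"{sample!r}: {password_failures(sample) or 'accepted'}")
```

The check must run on the server when the account is created or the password is changed; a strength meter in the browser is only guidance to the user.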
If remembering passwords is challenging, you can use a password manager like Dashlane or LastPass to help generate, store, and manage your passwords.
While the lack of password security from cryptocurrency exchanges is concerning, it’s still your responsibility to ensure that the passwords you choose are strong and secure.