New research indicates that most exchanges in the blockchain space allow users to create accounts with poorly secured passphrases.
Dashlane, an app that handles passwords and digital wallets, has reported that cryptocurrency exchange security is significantly weaker than most large tech companies: over 70 percent of crypto exchanges leave users’ accounts exposed to fraud and financial theft due to “unsafe password practices.”
The rankings, which examined password and account security on 35 of the world’s most popular cryptocurrency exchanges, found that over 70% leave their users’ accounts perilously exposed to financial theft due to unsafe password practices.
“Signing up for a cryptocurrency exchange is akin to signing up for a bank account,” states Emmanuel Schalit, CEO at Dashlane. “With your bank account, credit cards, bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front. The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry.”
Cryptocurrencies are supposed to offer a secure, digital way to conduct financial transactions, but they have been dogged by the security of exchanges where virtual currencies are bought, sold and stored. These exchanges, which match buyers and sellers and sometimes hold traders’ funds, have become magnets for fraud and mires of technological dysfunction, a Reuters examination shows, posing an underappreciated risk to anyone who trades digital coins.
Critical Security Lapses On Cryptocurrency Exchanges
Despite the growing interest in cryptocurrencies, majority of the leading exchanges lack adequate password and account safeguards for their customers. These inadequate levels of security and bad security practices leave the cryptocurrency holdings of millions of users in peril.
- Dangerous Password Requirements: A whopping 43% of exchanges let users create accounts using passwords with seven or fewer characters, and 34% do not require alphanumeric passwords. Dashlane’s testers were repeatedly able to create accounts with weak passwords, such as “12345” and “password,” and in one case, using just the letter “a.”
In addition to this, Dashlane found that less than 50% of exchanges provided users with password strength assessment tools during the account creation process.
- Substandard Security: When compared to results of Dashlane’s 2017 rankings of leading consumer websites, the cryptocurrency exchanges performed poorly. In the consumer rankings, which examined sites such as Apple, Facebook, and PayPal, only 36% received a failing score. That is in stark contrast to the 71% of cryptocurrency exchanges that failed Dashlane 2018’s examination.
For an industry that prides itself in its cybersecurity innovations, the cryptocurrency exchanges are much weaker when it comes to password security than the average mainstream website
Decentralized Altcoin Exchanges Are The Solution?
It is somewhat puzzling that anyone is using a centralized altcoin exchange when there is little, if anything, preventing the establishment of a decentralized exchange. For fiat pairs bank accounts make it as good as impossible, but for altcoin to altcoin, it is all just code moving around without any central party and needing no permission, therefore, from a technical standpoint, it should be very much feasible.
However, although such decentralized exchanges have now been a topic of debate for almost three years, none seem to have taken any significant market share. The reasons are not clear, but it may be that developers lack any financial incentives to provide such framework when it requires much time and effort yet gives them as good as no monetary reward.