Mainstream sites could learn a thing about user security from drug marketplace AlphaBay

Mainstream sites could learn a thing about user security from drug marketplace AlphaBay

Most of us aren’t buying and selling drugs on AlphaBay, but its new security practices should make companies that rely on online purchases to stand up and take notice.

The darkweb site, which features “drugs, stolen data and hacking tools” now requires two-factor authentication (using PGP/GPG) for all logins in addition to a seven-word phrase to recover passwords. Typical sites use easily-researched clues like your mother’s maiden name, favorite sports team, or high school mascot.

You’ll also have to use a four digit PIN to transfer bitcoin to your personal wallet.

AlphaBay deployed these new measures to prevent phishing, a practice that has plagued darknet markets since their inception. Without law enforcement to investigate these extortion or theft attempts, buyers and sellers were typically out of luck when it came to recovering stolen accounts or funds.

For the sake of comparison, AlphaBay now has more secure authentication protocols than most US banks, Instagram or even Gmail. Of course, this doesn’t mean the site is more secure than the aforementioned examples — darkweb sites have had their issues with hackers in the past — but it does show an interesting disconnect between (presumably) security-conscious darkweb users and legitimate sites, such as Google.

Many of these legitimate sites offer two-factor authentication, but you’d be hard-pressed to find one that required it.

Some Dark Web Markets Have Better User Security than Gmail, Instagram on Motherboard

Read next: Study says iPhone users in US spend about $35 per year on apps, mostly games

Shh. Here's some distraction

Comments