Inside money, markets, and big tech

Research: Cryptocurrency exchanges have pretty weak password security

cryptocurrency, excahnge, password

Paranoid cryptocurrency traders might want to go the extra mile and set up an even stronger password than their preferred exchange desk suggests. New research indicates that most exchanges in the blockchain space allow users to create accounts with poorly secured passphrases.

Password manager app Dashlane examined the password protocols of 35 leading cryptocurrency exchange desks and discovered over 70 percent of these companies let users secure their accounts with inadequate passwords.

“Signing up for a cryptocurrency exchange is akin to signing up for a bank account,” said Dashlane CEO Emmanuel Schalit. “With your bank account, credit cards, Bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front.”

“The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry,” he continued.

The researchers found that “a staggering 43 percent of exchanges let users create accounts using passwords with seven or fewer characters, and 34 percent do not require alphanumeric passwords.” The study further pointed out that testers were able to open trading accounts with weak passwords like “12345,” “password,” and in one case – just using the single letter “a.”

Dashlane has since ranked the password security requirements of these exchanges on a score from one to five. Here is the full list:

Among other criteria, the researchers looked whether exchanges require at least eight-plus character passwords and alphanumeric combinations. They also considered whether the exchanges have implemented some sort of “password strength assessment” tool, an email confirmation mechanism, and two-factor authentication.

In all fairness, cryptocurrency exchange desks are hardly the only internet-based companies failing to encourage their users to adhere to proper password security practices.

Indeed, previous research conducted by Dashlane discovered that 46 percent of all consumer websites have failed to implement even the most rudimentary password security policies. The list of offenders included giants like Google, Amazon, PayPal, Reddit, and more.

Meanwhile, anyone infatuated with bad security ought to check out this GitHub repository which collects the worst password practices across the web.

And in case your password sucks: there is no better time to update it than now.

Published March 22, 2018 — 12:00 UTC