The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on March 28, 2016

Mainstream sites could learn a thing about user security from drug marketplace AlphaBay

Mainstream sites could learn a thing about user security from drug marketplace AlphaBay
Bryan Clark
Story by

Bryan Clark

Former Managing Editor, TNW

Bryan is a freelance journalist. Bryan is a freelance journalist.

Most of us aren’t buying and selling drugs on AlphaBay, but its new security practices should make companies that rely on online purchases to stand up and take notice.

The darkweb site, which features “drugs, stolen data and hacking tools” now requires two-factor authentication (using PGP/GPG) for all logins in addition to a seven-word phrase to recover passwords. Typical sites use easily-researched clues like your mother’s maiden name, favorite sports team, or high school mascot.

You’ll also have to use a four digit PIN to transfer bitcoin to your personal wallet.

AlphaBay deployed these new measures to prevent phishing, a practice that has plagued darknet markets since their inception. Without law enforcement to investigate these extortion or theft attempts, buyers and sellers were typically out of luck when it came to recovering stolen accounts or funds.

For the sake of comparison, AlphaBay now has more secure authentication protocols than most US banks, Instagram or even Gmail. Of course, this doesn’t mean the site is more secure than the aforementioned examples — darkweb sites have had their issues with hackers in the past — but it does show an interesting disconnect between (presumably) security-conscious darkweb users and legitimate sites, such as Google.

Many of these legitimate sites offer two-factor authentication, but you’d be hard-pressed to find one that required it.