Dashlane: Most Crypto Exchanges Do Not Pass Password Security Tests

Industry 1 min, 54 sec READ

by Ricardo Carrasco

Password protection company Dashlane announced their first annual “Cryptocurrency Exchange Password Power Rankings”, which probed the top cryptocurrency exchanges worldwide finding that 25 out of 35 of the sites examined leave users exposed to online fraud due to low password security standards.

NYC-based password protection company Dashlane announced their first annual “Cryptocurrency Exchange Password Power Rankings”, which probed the account and password security measures taken by the top 35 cryptocurrency exchanges worldwide, finding that more than 70% of these sites leave users exposed to online fraud due to low password security standards.

Company researchers examined all participant exchanges from March 12 to March 19 2018. Only exchanges that allowed account creation on browsers were reviewed.  Those which require a software or mobile download were excluded. Each cryptocurrency exchange was tested four times under five criteria, receiving one point for each criterion met. Only exchanges with 5 points were declared “passed”. 

Criteria considered for testing included: requiring users to set passwords with more than 8 characters; requiring passwords to include letters, numbers, and symbols; the presence of two-factor authentication; the presence of a password strength assessment system; and if the site sent an activation email in order to finish account creation.

According to Dashlane´s Power Rankings, only 10 out of the 35 cryptocurrency exchanges passed the test, including Huobi, the second exchange with the biggest 24h trading volume ($1.14 Billion), Coinbase, and some other minor exchanges. Astonishingly, the remaining exchanges in the top 3 24h Volume failed to meet the test's criteria: Binance failed with 4 points (1st; $1.36 Billion) because it does not offer a password strength assessment tool, and OKEx miserably failed the test with 2 points (3rd; $1 Billion) because email verification and 2Factor are optional.

Dashlane CEO Emmanuel Schalit expressed concern regarding the results of the study,

“Signing up for a cryptocurrency exchange is akin to signing up for a bank account…” “…With your bank account, credit cards, Bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front. The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry.”

The original analysis with extra details can be found in Dashlane´s blog. All 24h exchange trade volumes reported in this article were obtained on March 31st, 2018 12am GMT-4.