Cryptocurrency Exchanges Allow Poor Password Security Practices, Research Finds

Francisco Memoria
  • Password manager Dashlane found that cryptocurrency exchanges allow users to secure accounts with inadequate passwords
  • In one case, a researcher was able to use the letter "a" as his password

Research conducted by password manager Dashlane found that some of the biggest cryptocurrency exchanges allow their users to follow poor password security practices, so much so that they fall behind the average mainstream website.

Dashlane researchers tested the 35 largest cryptocurrency exchanges, and found that over 70 percent allow their users to secure accounts with inadequate passwords, leaving them “exposed to financial theft due to unsafe password practices.”

Commenting on the results, the company’s CEO Emmanuel Schalit stated:

“Signing up for a cryptocurrency exchange is akin to signing up for a bank account. With your bank account, credit cards, Bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front.”

Emmanuel Schalit

The company’s researchers found that 43 percent of cryptocurrency exchanges allow users to create passwords with seven characters or fewer, while 34 percent don’t require alphanumeric passwords.

Dashlane pointed out that some exchanges allowed users to open accounts with rather poor passwords like “12345,” or “password.” In one case, researchers note, it was possible to open an account with the letter “a” as its password.

The company’s chief executive added that the fact that exchanges allow their users to create inadequate passwords should “serve as a wake-up call to the entire industry.” Dashlane’s researchers ranked every exchange’s password security requirements with a score from one to five, with anything below five being considered “failing and not meeting the minimum threshold for good password security.”

The results can be seen below:

[Image: Dashlane's password security scores for the tested exchanges (dashlane.jpg)]

Dashlane further looked at whether exchanges require passwords with eight or more characters and alphanumeric combinations. Researchers also looked for “password strength assessment” tools on the exchanges they tested, as well as email confirmation mechanisms and two-factor authentication (2FA).

The password manager’s press release notes that after opening an account with an exchange, users should enable 2FA. Per the release, there’s no scenario where a user should skip this step, and every legitimate exchange should allow 2FA.

When compared to results from previous research Dashlane conducted, cryptocurrency exchanges didn’t do too well. Per the release, mainstream websites like Apple, Facebook, and PayPal only had a 36 percent failure rate, while crypto exchanges were at 71 percent.