Password Security at Exchanges “Incredibly Weak,” Research Shows

Sead Fadilpašić

New research, done by password manager app Dashlane this March, indicates most exchanges permit users to create accounts with “incredibly weak” passwords.

According to the research, out of 35 leading cryptocurrency exchanges that had their password protocols examined, over 70% let users secure their accounts with inadequate passwords, the company posted on its blog.

They found that “a staggering 43% of exchanges let users create accounts using passwords with seven or fewer characters, and 34% do not require alphanumeric [consisting of or using both letters and numerals] passwords,” and some even allowed extremely weak passwords such as “12345” and, in one case, just the letter “a.”

Only exchanges that allow users to create accounts with browsers were tested; those requiring a software or mobile app download were excluded.

The Dashlane CEO, Emmanuel Schalit, said, “Signing up for a cryptocurrency exchange is akin to signing up for a bank account. With your bank account, credit cards, Bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front. The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry.”

The passing score was set at 5/5, and 71% of the exchanges failed. The lowest-scoring was CoinsBank, the only one to receive a 1/5 rating. The criteria included whether exchanges require passwords of at least eight characters and alphanumeric combinations, and whether they had “password-strength assessment” tools and two-factor authentication implemented.

Cryptocurrency exchanges are not the only offenders in terms of password security. According to previous research conducted by the same company, even giants like Google, Amazon, PayPal and Reddit failed their password security tests.

***
Cryptocurrency Exchange Security Best Practices
It’s critical that the first thing you do when you log in to a new exchange is enable 2FA (two-factor authentication). Every legitimate exchange allows for 2FA, and there is no scenario where you should skip this step.
For cryptocurrency and all digital accounts, these are a few easy actions that everyone should take to improve their own online security:
– Use a unique password for every online account
– Generate passwords that exceed the minimum of 8 characters
– Create passwords with a mix of case-sensitive letters, numbers, and special symbols
– Avoid using passwords that contain common phrases, slang, places, or names
– Use a password manager to help generate, store, and manage your passwords
Source: Dashlane
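
As an added illustration (not part of the article or of Dashlane's research), the sketch below shows a server-side sign-up check that enforces the password criteria described above and then applies a coarse strength estimate, so that a password which only just meets the minimum rules is still rejected. The function names, the sample deny-list and the 50-bit threshold are assumptions made for this example.

```python
import math
import string

MIN_LENGTH = 8  # minimum length named in the article's criteria
# Constructed sample deny-list; a real service would load a large breached-password list.
COMMON_PASSWORDS = {"12345", "123456", "password", "password1", "qwerty", "letmein"}
MIN_BITS = 50  # assumed threshold for the strength estimate, not from the article


def policy_failures(password: str) -> list[str]:
    """Return every sign-up criterion the password fails (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        failures.append("not alphanumeric")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common password")
    return failures


def estimated_bits(password: str) -> float:
    """Coarse upper bound: length * log2(size of the character pools in use)."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(p) for p in pools if any(c in p for c in password))
    if any(not c.isascii() for c in password):
        size += 128  # rough allowance so non-ASCII passphrases are not scored as zero
    return len(password) * math.log2(size) if size else 0.0


def accept_at_signup(password: str) -> bool:
    """Server-side decision: hard rules first, then the strength estimate."""
    return not policy_failures(password) and estimated_bits(password) >= MIN_BITS


if __name__ == "__main__":
    # Constructed inputs; "12345" and "a" are the weak passwords quoted in the article.
    for pw in ["a", "12345", "Password1", "abcdefg1", "T7#kq9!vLm2x"]:
        print(f"{pw!r:16} accept={accept_at_signup(pw)} "
              f"bits={estimated_bits(pw):.0f} failures={policy_failures(pw)}")
```

The estimate assumes uniformly random characters, so it overstates the strength of patterned passwords; the deny-list check is what catches those.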