Study: 70% of Crypto Exchanges Allow Weak Passwords

Over 70 percent of the leading cryptocurrency exchanges allow users to create accounts with weak passwords, a new study reveals. This leaves account holders exposed to financial theft due to unsafe password practices, the authors say. Fewer than half of the surveyed trading platforms provide password strength assessment tools.

“12345” and “Password”

Some of the most popular crypto exchanges allow customers to use dangerously weak passwords, new research has found. 43 percent of the platforms let users create accounts with passwords of fewer than 8 characters. 34 percent do not require alphanumeric passwords at all, the study reveals. In many cases testers were able to set up accounts with passwords made of simple number combinations like “12345” and even words like “password”.

More than 70 percent of the surveyed exchanges allow you to create weak passwords, according to the annual Cryptocurrency Exchange Password Power Rankings, presented by Dashlane. The digital security company has tested 35 of the leading crypto trading platforms in the world, examining their password and account security.

Researchers also checked whether exchanges provide password strength assessment tools, email confirmation or activation, and two-factor authentication (2FA). They found that less than 50 percent of the exchanges provided account holders with tools like meters or color-coded bars. Unsafe practices leave many customers’ accounts exposed to hacking and financial theft, the authors of the study conclude.

The fact that many exchanges allow their users to create weak passwords should “serve as a wake-up call to the entire industry,” Dashlane CEO Emmanuel Schalit said, quoted in a press release. He also noted that signing up for a cryptocurrency exchange is comparable to signing up for a bank account. “With your bank account, credit cards, bitcoin, and other digital assets potentially stored on the exchange, it’s critical that your account is locked down on the security front,” Schalit stated.

Two-Factor Authentication Is Critical

Each exchange in the survey has been tested on five critical password and account security criteria and ranked according to the points it received. Only 10 platforms have met all five criteria. These are Bitcoin.de, BitMEX, BTCC, Cobinhood, Coinbase, Cryptopia, Gemini, Huobi, itBit, and Paxful.

The study was conducted from March 12 to 19 this year. It is the first attempt by the password manager to rank cryptocurrency exchanges according to their password security procedures. Previously, the company tested and ranked leading consumer websites according to similar criteria.

Experts advise users to generate a unique password of no fewer than 8 characters for each online account they open. Using numbers, case-sensitive letters, and special symbols also improves security. Passwords containing common phrases, places, or names should be avoided. Enabling two-factor authentication (2FA) is critical and should not be skipped even when you log in for the first time.
