Cryptocurrency Exchanges Share the Mobile Payments Nightmare: Lax Security

September 5, 2018 | By: Steven Anderson

Mobile payments have long had a problem of security, or rather, a perception that security is less than stellar. Some might say it’s an earned perception, while others would say it’s no longer earned at all, but residual paranoia at work. Regardless of your stance, a new report sent our way from Ausfinex says that the security problem is at work in another part of mobile payments: the cryptocurrency exchange.

Conducted by Dr. Vidyasagar Potdar, otherwise known as “Dr. Blockchain,” the Ausfinex study examined 11 major cryptocurrency exchanges worldwide, including several major Australian exchanges. Potdar examined the exchanges using a six-dimensional metric for rating password security, and the end results were surprising.

What Potdar found was that security measures are actually common, and in only a few cases do exchanges deviate. For instance, all the exchanges studied used two-factor authentication and required an alphanumeric password using both letters and numbers and a minimum of eight characters. There was even commonality in things not used; no exchange used “reserved words” in passwords, which means that no exchange forbade certain common words like “password” from being part of a password.

However, only about half the exchanges used a password strength gauge to determine overall password strength and require a certain minimum strength level. Nearly all the exchanges used an account activation email; only a couple of holdouts kept this one from also being a sweep.

A significantly greater problem emerged in the area of HTTP security headers. These offer a little extra security, and are comparatively easy to implement. However, most exchanges studied aren’t taking advantage of this fairly simple security measure; 54 percent, for example, aren’t using the header that instructs a browser to only use HTTPS as opposed to standard HTTP.
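The header that tells a browser to use only HTTPS is Strict-Transport-Security (HSTS, RFC 6797). The following is an added example, not code from the Ausfinex study: it audits captured responses for an effective HSTS policy, including the cases where the header is present but does nothing. The host names, sample responses and the 180-day `MIN_MAX_AGE` floor are assumptions made for illustration.

```python
MIN_MAX_AGE = 15552000  # assumption: 180-day floor chosen for this audit, not from the study

def parse_hsts(value):
    """Parse an HSTS value per RFC 6797 section 6.1; return a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if not name:
            continue                           # the grammar allows empty directives
        if name in directives:
            return None                        # a repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')  # value may be a quoted-string
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                            # max-age is required, non-negative integer
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in directives}

def audit(scheme, headers):
    """Classify one response as ok, missing, ignored, invalid or weak."""
    found = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not found:
        return "missing"
    if scheme != "https":
        return "ignored"                       # browsers ignore HSTS sent over plain HTTP
    policy = parse_hsts(found[0])              # only the first header field is processed
    if policy is None:
        return "invalid"
    return "ok" if policy["max_age"] >= MIN_MAX_AGE else "weak"  # max-age=0 clears the policy

# Constructed responses for hypothetical hosts (not data from the study).
SAMPLES = {
    "exchange-a.example": ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    "exchange-b.example": ("https", [("Content-Type", "text/html")]),
    "exchange-c.example": ("https", [("strict-transport-security", "max-age=0")]),
    "exchange-d.example": ("http", [("Strict-Transport-Security", "max-age=31536000")]),
    "exchange-e.example": ("https", [("Strict-Transport-Security", "includeSubDomains")]),
}

def report(samples):
    """Return ({host: verdict}, percentage of hosts without an effective policy)."""
    verdicts = {h: audit(s, hdrs) for h, (s, hdrs) in samples.items()}
    failing = sum(v != "ok" for v in verdicts.values())
    return verdicts, round(100 * failing / len(verdicts))

if __name__ == "__main__":
    verdicts, pct = report(SAMPLES)
    print(verdicts, f"{pct}% lack an effective HSTS policy")
```

Counting only header presence would pass three of the four failing samples here, which is why the audit parses the value and checks the transport as well.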

Essentially, the study does show some good news. Exchanges aren’t exactly skimping on security; many common factors are in play and providing security. However, even as we see some pretty robust security in the study, we also see there’s room for improvement. That’s a pretty common condition; everything can be improved in some way, especially when it comes to security.

Exchanges, don’t just be ready to win the last war. Get ready for tomorrow’s fight as well, and augment security before it becomes a problem.