Crypto Exchanges Falling Short On Security Measures – Study

September 5, 2018

Ausfinex, an Australian cryptocurrency exchange, has released a study of coin exchanges that calls into question many of their security protocols and practices.

The study, conducted by Dr. Vidyasagar Potdar, evaluates eleven currently popular cryptocurrency exchanges and primarily examines their password policies and HTTP security features. Potdar identified the many problems recurring across exchanges' password policies as the foremost security issue in their authentication mechanisms. Using a six-dimensional password security rating metric, Potdar concluded that current password security implementations are far from ideal.

In the course of his study, Potdar found that none of the exchanges evaluated restricted the use of reserved words in passwords on their platforms. This means that commonly used words and password combinations (for example, Password123 or admin123) are accepted as strong passwords. Second, several exchanges had no check in place that automatically flagged passwords containing digits in serial order, so trivial password-guessing attempts occasionally succeed.
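The two policy gaps described above, a reserved-word check and a serial-digit check, are simple to enforce at registration or password change. The following is an added illustration written for this article, not code from the study or from any exchange; the reserved-word list is a constructed sample (a real deployment would screen against a large breached-password list), and the run length of three consecutive digits is an assumed threshold.

```python
import re
from typing import List

# Constructed sample of reserved/common words. Assumption: a production check
# would use a full breached-password or dictionary list rather than this stub.
RESERVED_WORDS = {
    "password", "admin", "qwerty", "letmein", "welcome", "iloveyou", "123456",
}


def contains_reserved_word(password: str) -> bool:
    """True if any reserved word appears anywhere in the password (case-insensitive)."""
    lowered = password.lower()
    return any(word in lowered for word in RESERVED_WORDS)


def has_serial_digits(password: str, run_length: int = 3) -> bool:
    """True if the password contains run_length or more digits in ascending or
    descending serial order (e.g. 123, 4321). Assumption: three is the threshold."""
    for run in re.findall(r"\d+", password):
        if len(run) < run_length:
            continue
        for i in range(len(run) - run_length + 1):
            window = [int(ch) for ch in run[i:i + run_length]]
            # A serial run has every adjacent difference equal to +1 or to -1.
            diffs = {b - a for a, b in zip(window, window[1:])}
            if diffs == {1} or diffs == {-1}:
                return True
    return False


def evaluate_password(password: str) -> List[str]:
    """Return the list of policy findings for a candidate password; empty means it passed
    both checks discussed in the study (other dimensions of the metric are not modelled)."""
    findings = []
    if contains_reserved_word(password):
        findings.append("reserved-word")
    if has_serial_digits(password):
        findings.append("serial-digits")
    return findings


if __name__ == "__main__":
    # The article's own examples both fail on both counts.
    for candidate in ("Password123", "admin123", "Tr0ub4dor&3"):
        print(candidate, evaluate_password(candidate))
```

Both example passwords from the article fail both checks; a password such as `Tr0ub4dor&3` passes both, which shows that these two rules are necessary but by no means the whole of a password policy.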

The other component of cryptocurrency exchange security that Potdar analyzed is the use of HTTP security headers. HTTP security headers provide an additional web security layer that is relatively simple to implement, that can mitigate a myriad of security vulnerabilities, and that should be standard practice for every cryptocurrency exchange. His findings demonstrate that the implementation of HTTP security headers is severely lacking. Out of the eleven exchanges examined, none of them integrated an HTTP security header designed to prevent cross-site scripting attacks. Further, 54 percent of the exchanges did not employ the simple HTTP security header that tells the browser to communicate only over HTTPS, rather than the less secure HTTP protocol.
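A check for the two headers the study singles out can be run against captured responses without any network access. The following is an added example written for this article, not code from the study; it assumes the HTTPS-only header is `Strict-Transport-Security` and that the anti-XSS header is `Content-Security-Policy` (the study does not name the headers), and the three sample responses are constructed for hypothetical exchanges, not captured from real ones.

```python
from typing import Dict, List

# Assumption: these are the headers the study's two findings refer to.
REQUIRED_HEADERS = {
    "strict-transport-security": "HTTPS-only (HSTS)",
    "content-security-policy": "anti-XSS (CSP)",
}


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a captured HTTP response into a lowercase-keyed dict."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Labels of required headers that are absent from a parsed response."""
    return [label for name, label in REQUIRED_HEADERS.items() if name not in headers]


def hsts_is_effective(headers: Dict[str, str], min_age: int = 15552000) -> bool:
    """Presence alone is not enough: HSTS only protects while max-age is long.
    Assumption: 180 days (15552000 s) is the minimum treated as effective."""
    value = headers.get("strict-transport-security")
    if value is None:
        return False
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                return int(d[len("max-age="):]) >= min_age
            except ValueError:
                return False
    return False


def fleet_summary(responses: Dict[str, str]) -> Dict[str, int]:
    """Percentage of sites missing each required header, the form the study reported."""
    counts = {label: 0 for label in REQUIRED_HEADERS.values()}
    for raw in responses.values():
        for label in missing_security_headers(parse_headers(raw)):
            counts[label] += 1
    return {label: round(100 * c / len(responses)) for label, c in counts.items()}


# Constructed sample responses from three hypothetical exchanges.
SAMPLE_RESPONSES = {
    "exchange-a.example": """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
""",
    "exchange-b.example": """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=60
""",
    "exchange-c.example": """HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: DENY
""",
}


if __name__ == "__main__":
    for host, raw in SAMPLE_RESPONSES.items():
        parsed = parse_headers(raw)
        print(host, "missing:", missing_security_headers(parsed),
              "HSTS effective:", hsts_is_effective(parsed))
    print(fleet_summary(SAMPLE_RESPONSES))
```

The `hsts_is_effective` check matters because a header that is present with a token `max-age` (as in the second sample) would count as "employed" in a presence-only survey while giving the browser almost no protection.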

Potdar’s security study concluded with a strong emphasis on the need for cryptocurrency exchanges to meet maximum security standards rather than the minimum standards that most exchanges still aren’t meeting.