SHRM leaderboard 8/29/17

2018 Cryptocurrency Exchange Password Power Rankings™

Press Release from Dashlane

NEW YORK, March 22, 2018/PRNewswire/ --Dashlane, one of the world's most trusted digital security companies, announces the results of its first annual Cryptocurrency Exchange Password Power Rankings™. The rankings, which examined password and account security on 35 of the world's most popular cryptocurrency exchanges, found that over 70% leave their users' accounts perilously exposed to financial theft due to unsafe password practices.

Dashlane researchers tested each exchange on five critical password and account security criteria. A site received a point for each criterion they met, for a maximum and passing score of 5/5. Any score below 5 was considered failing and not meeting the minimum threshold for good password security.

"Signing up for a cryptocurrency exchange is akin to signing up for a bank account," states Emmanuel Schalit, CEO at Dashlane. "With your bank account, credit cards, bitcoin, and other digital assets potentially stored on the exchange, it's critical that your account is locked down on the security front. The fact that most exchanges allow their users to create incredibly weak passwords should serve as a wake-up call to the entire industry."

For more information, including the full data set, go to:

2018 Rankings

  • 5/5 Score (Best)
    • BitMEX
    • BTCC
    • Cobinhood
    • Coinbase
    • Cryptopia
    • Gemini
    • Huobi
    • itBit
    • Paxful
  • 4/5 Score
    • Binance
    • Bitfinex
    • Bitstamp
    • Kraken
    • KuCoin
    • Livecoin
    • Qryptos
    • xCoins
    • YoBit
  • 3/5 Score
    • Bibox
    • Bit-Z
    • Circle
    • Coinmama
    • HitBTC
    • Lbank
    • LocalBitcoin
  • 2/5 Score
    • Changelly
    • Exmo
    • OKEx
    • Poloniex
    • Simex
  • 1/5 Score (Worst)
    • CoinsBank

Critical Security Lapses
Despite the growing interest in cryptocurrencies, most of the leading exchanges fail to provide adequate password and account safeguards for their users. These inadequate levels of security leave the cryptocurrency holdings of millions of users in peril.

1.Dangerous Password Requirements: A staggering 43% of exchanges let users create accounts using passwords with seven or fewer characters, and 34% do not require alphanumeric passwords. Dashlane's testers were repeatedly able to create accounts with weak passwords, such as "12345" and "password," and in one case, using just the letter "a."

Additionally, Dashlane found that less than 50% of exchanges provided users with password strength assessment tools during the account creation process.

2.Substandard Security: When compared to results ofDashlane's 2017 rankingsof leading consumer websites, the cryptocurrency exchanges performed poorly. In the consumer rankings, which examined sites such as Apple, Facebook, and PayPal, only 36% received a failing score. That is in stark contrast to the 71% of cryptocurrency exchanges that failed Dashlane 2018's examination.

For an industry that prides itself in its cybersecurity innovations, cryptocurrency exchanges are much weaker when it comes to password security than the average mainstream website.

Cryptocurrency Security Best Practices
It's critical that the firstthing you do when you log in to a new exchange is enable 2FA (two-factor authentication). Every legitimate exchange allows for 2FA, and there is no scenario where you should skip this step (check out Dashlane's guide tobuying Bitcoin safely).

For cryptocurrency and all digital accounts, these are a few easy actions that everyone should take to improve their own online security:

  • Use a unique password for every online account
  • Generate passwords that exceed the minimum of 8 characters
  • Create passwords with a mix of case-sensitive letters, numbers, and special symbols
  • Avoid using passwords that contain common phrases, slang, places, or names
  • Use a password manager to help generate, store, and manage your passwords

The study was conducted by Dashlane researchers from March 12 – 19, 2018. The researchers evaluated five security criteria on 35 popular cryptocurrency exchanges. Only exchanges that allow users to create accounts with browsers were tested; those requiring a software or mobile app download were excluded. Dashlane tested each site a minimum of four times to confirm the accuracy of results. A site received a point for each criterion they met for a maximum score of 5/5. A score of 5/5 was deemed as passing and meeting the threshold for strong user password security. The rankings indicate the security levels of each exchange with regards to passwords and account protections only.

1. 8+ Character Password

  • Tested by creating a new account on each website. Dashlane researchers attempted to create passwords less than 8 characters irrespective of the exchanges' stated minimum password requirements.


  • Tested by creating a new account on each exchange. Researchers attempted to create passwords with all letters ("password") or numbers ("111111").

3.Password Strength Assessment

  • Tested by creating a new account on each exchange. If the exchange provided any notification, such as a meter or color-coded bar, they were credited as providing an assessment. Sites that only provided confirmed password length or where requirements were met did not receive credit.

4. Account Creation Email

  • An exchange was credited if they sent the user a confirmation or activation email after the account was created. If the exchange sent a password in plain text they did not receive credit.

5. 2-Factor Authentication

  • Exchanges were credited if they provide any form of two-factor authentication.

About Dashlane
Dashlane, one of the world's most trusted digital security companies, takes the pain out of passwords with its password manager and secure digital wallet app. Dashlane allows users to securely manage passwords, credit cards, IDs, and other important information via advanced encryption and local storage.

With so many devices, the line between home and work no longer exists. Thankfully, Dashlane works everywhere, for everyone. The company has helped 9.5 million consumers manage and secure their digital identity and enabled over $13 billion in e-commerce transactions. Dashlane Business is trusted by 7,000+ companies to create, enforce, and track effective access management, and features the only patented security architecture in the industry.

The Dashlane app is available on PC, Mac, Android, and iOS and has won critical acclaim by top publications includingThe Wall Street Journal,The New York Times,andUSA Today. Dashlane is free to use on your favorite device for life and costs $39.99/year to sync between an unlimited number of devices.

Dashlane was founded by Bernard Liautaud and co-founders Alexis Fogel, Guillaume Maron, and Jean Guillou. The company has offices in New York City and Paris and has received $52.5 million in funding from TransUnion, Rho Ventures, FirstMark Capital, and Bessemer Venture Partners. Learn more

Companies Mentioned in this Press Release:
Business Categories Mentioned in this Press Release: