Kai Sedgwick of Bitcoin.com has published a fantastic article that explores how cryptocurrency exchanges are starting to use ridiculous levels of authentication in order to allow people onto the exchange. Of course, the idea of this is to prevent hackers and scammers from using bots and automated programmes to access the exchange with the intention to cause harm. Whilst many of the protocols are effective (although a little humorous) we have to consider if the ultra-tight security is putting investors off, meaning less people are getting into cryptocurrency.
We’re not talking about the back-end security here, of course we want our exchanges to be secure. We are however talking about the authentication process seen at login with a number of exchanges. Gone are the days of a username and password, now, users must enter a username and password, pass a two-factor-authentication system (you know, when the login page sends a code to your phone or preferred email address). Others are using facial recognition and even, as the Bitcoin.com article points out, gesture detection.
Interestingly, you have to consider how these authentication systems are using bots and automated programmes, to detect and prevent other bots and automated programmes from gaining access, clever, isn’t it?
Here’s some examples of the crazy authentication techniques employed by some exchanges, according to Sedgwick:
“Bittrex will force you to log in twice after clicking a link in your email, stating that it doesn’t recognize your IP – even when you’re signing in from your usual location on your usual device.”
“Kucoin, meanwhile, began asking odd questions of its customers a few weeks ago, and then repeating those questions every time they went to login, much to their annoyance.”
“Completing KYC for Gate.io in a public place is no longer viable, but perhaps that’s part of the plan: to embarrass users into upping their opsec by logging in at home. As part of the verification process, users are required to recreate four out of a possible nine gestures before their webcam. From a security perspective, it’s certainly effective: bots have yet to master human gestures while pulling gang signs.”
You can see the full article by Sedgwick, for yourself, here- https://news.bitcoin.com/cryptocurrency-exchange-verification-is-getting-weird/
Now, you can see why this sort of thing may be putting people off investing, however, in the current climate, protection is paramount and therefore, we should admire the creativity that has been put in to some of these. In an ideal world, people would be able to select which level of security they want over their account, however, this means that vulnerabilities in the security of some, less secure users, could in turn but the entire network at risk, therefore, its not worth it is it?