Coinbase isn’t taking the threat against crypto exchanges lightly and has decided to up its user login credential protecting with a state-of-the-art hashing system. From now on, Coinbase will be using bcrypt to automatically hash a user’s password before it is sent back to the Coinbase server. Coinbase will store a copy of the final hash and whenever your exact hash is returned to Coinbase, you will be able to log into your account. Each has is completely unique and cannot be unhashed thanks to the way bcrypt works. This helps to secure not only your Coinbase account, but other accounts you might have using the same login combination.
Protecting Against Credential Surfing
Credential surfing is how most “hacks” occur. A hacker will somehow acquire your login details to a particular site, then will try that same combination on a number of other popular sites – hence why using the same username and password on multiple sites is a bad idea. Coinbase’s new credential protection will ensure that no data can possibly be captured from its platform to be used in credential surfing elsewhere – that’s pretty kind of them, wouldn’t you say!
bcrypt Lending a Hand
bcrypt is one of the most secure hashing algorithms out there, for the simple reason that only one person can ever unhash it – the password creator. Since the password is used to help generate the hash itself, it becomes virtually impossible to unscramble the hash and discover the password – unlike lightly salted SHA-256 hashes. It was first launched back in 1999 and it’s still regarded as one of the most secure hashing algorithms on the planet.
Protecting Crypto Assets
There have been multiple high-profile cases where credential surfing has been used in an attack on a crypto exchange or an individual’s hot wallets. In January 2018, an Australian woman hacked into a man’s email account and managed to gain access to his crypto exchange account. She then proceeded to steal 100,000 XRP which she then transferred to her own account. Had the man’s email provider used bcrypt, his emails would have been locked out after the first incorrect attempt – preventing the theft.
In February 2019, Coinmama suffered a data breach whereby 450,000 email and password combinations where stolen. Once again, if Coinmama had been using bcrypt, the passwords would have been complete jargon and been of no use to the hackers at all.
Coinbase is stepping up its security in a bid to win over crypto traders who want a simple and secure crypto trading platform. So far, Coinbase appears to be winning a lot of fans – all thanks to a 20 year-old hashing algorithm!