Real-time Password Scanning - Security Upgrade #1
As mentioned in our previous post, Coinhako will be ramping up security efforts to augment our platform’s cyber resilience.
With real-time password scanning as an added security feature, we will be running automated cross-checks against external databases for credentials that have been leaked from other services.
This will allow us to better protect your accounts from hackers.
How do hackers log into accounts?
While Coinhako already employs best practices such as the use of captchas and two-factor authentication (2FA), there have been increasing instances of hackers using credentials leaked in previous breaches to try to locate valid accounts on other services such as Coinhako.
While Coinhako has not suffered a breach, users who reuse a password that might have come from a previously hacked service are at risk! Not just at Coinhako, but at any other online service where they use the same password(s) as well.
With this latest security update, we are able to proactively identify and warn users about their exposure to such risks.
How does the password scanning work?
Do not worry: Coinhako does not know your password!
We adopt industry best practices and hash all passwords on our system when a user signs up for an account. As password hashing is a one-way process, there is no way to recover the passwords.
To authenticate account logins, passwords are hashed again and our system compares the newly computed hash against the hash that is already in storage.
When we hash your password during the sign-in process, we will also hash it and compare it against a list of passwords from HaveIBeenPwned, a trusted service that compiles a list of known breaches across the world.
Your Coinhako password and its hash will never leave the Coinhako system, as checks against the list of hashes from HaveIBeenPwned are done entirely within our own systems; we will never share user account details with any third parties.
These scans will run constantly, allowing us to alert you should your Coinhako password be exposed in new breaches on other services.
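A minimal sketch of the sign-in flow described above, added here as an illustration and not Coinhako's own code. It assumes the breach list is a local copy of HaveIBeenPwned's downloadable Pwned Passwords file (SHA-1 hashes as sorted `HASH:COUNT` lines); the sample list, counts, function names and PBKDF2 parameters are constructed for the example.

```python
import bisect
import hashlib
import hmac
import os

# Constructed sample standing in for a local, sorted copy of the breach list.
# Each line is "SHA1HEX:COUNT"; the passwords and counts here are made up.
_SAMPLE = {"password": 3, "123456": 2, "qwerty": 1}
CORPUS = sorted(
    f"{hashlib.sha1(p.encode()).hexdigest().upper()}:{n}" for p, n in _SAMPLE.items()
)
CORPUS_HASHES = [line.split(":")[0] for line in CORPUS]

def breach_count(password):
    """Times the password appears in the local list (0 if absent)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    i = bisect.bisect_left(CORPUS_HASHES, digest)  # binary search, list is sorted
    if i < len(CORPUS_HASHES) and CORPUS_HASHES[i] == digest:
        return int(CORPUS[i].split(":")[1])
    return 0

def hash_for_storage(password, salt=None):
    """Salted, slow one-way hash kept in the user table (parameters illustrative)."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, key

def login(password, stored):
    """Verify the password, then check it against the breach list locally."""
    salt, expected = stored
    _, candidate = hash_for_storage(password, salt)
    if not hmac.compare_digest(candidate, expected):
        return {"authenticated": False, "breached": None}
    # The plaintext exists only for the duration of this request, so the
    # breach lookup happens here; nothing is sent to a third party.
    return {"authenticated": True, "breached": breach_count(password) > 0}

if __name__ == "__main__":
    stored = hash_for_storage("password")
    print(login("password", stored))
```

A `breached` result of `True` is the condition that would trigger the password-change email; failed logins are never looked up, so the check reveals nothing about passwords that do not belong to the account.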
How will you know that you are at risk?
If your password is flagged as being present in a breach, we will send you an email requesting you to change your password.
If you do not receive any emails related to this, you're good to go!
What else can I do to safeguard my account?
Passwords serve as the first layer of defense for your account. There’s more you can do to ensure better account security.
You should also ensure that Two-Factor Authentication is enabled, and that your email account has a unique, secure password.
Remember, if someone is able to sign into your email account, they could reset the password for your Coinhako account and other services.