News.EOS.WiKi Bilingual News & Info Of EOS

Bullish Uses WebAuthn to Create a More Secure Exchange / Bullish On Security


Translated:

Using WebAuthn to Create a More Secure Exchange

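Passwords are an indispensable part of modern life. We use them to get into our email, open our bank accounts, access social media, and reach all kinds of online resources that make life simpler. But there is a problem: passwords are not as secure as most people think.

Password rules generally require a combination of uppercase and lowercase letters, numbers, and special characters. Most importantly, many systems frequently require us to change our passwords on a regular basis. As a result, many people 1) choose the simplest password combination, 2) write their passwords down, 3) reuse the same set of passwords. All of these affect account security.

Moreover, even if you do everything “right,” there is no guarantee that the system you use has adopted advanced, strong cybersecurity controls to properly protect your password. If the system is attacked, your passwords could all be leaked, and the attackers could then get into your other accounts. In fact, the Verizon 2020 annual data report shows that over 80% of hacking activity made use of stolen or weakly protected passwords. But what if we could solve this problem by effectively eliminating passwords? That is what Bullish is doing.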

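How? Bullish uses a secure, multi-factor authentication process that brings together protective measures at every stage and every layer, so every transaction is more secure. We have also worked to make sure these security layers are tightly integrated and run smoothly, so that our clients can trade with ease.

An important component of Bullish's multi-factor authentication process is Web Authentication (WebAuthn), a web standard developed jointly by the World Wide Web Consortium (W3C) and the FIDO Alliance, with participation from several major technology companies such as Microsoft and Google.

WebAuthn solves many of the security problems inherent in passwords, mainly by using “public key” and asymmetric cryptography. Instead of requiring users to provide or remember complex passwords, WebAuthn requires users to use a physical security key (such as a YubiKey) or an approved built-in biometric security software protocol, such as fingerprint or facial recognition software.

After you log in to Bullish with WebAuthn, we use hardware-based cryptographic verification, so you do not need to remember a long string of characters, and it also provides a more robust mechanism for verifying identity that is harder to attack. Bullish also has no need to store a password for you at all.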

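WebAuthn is not used only at the initial registration and login stages; we also use it when the exchange authenticates important transactions, for example when depositing, withdrawing, adding a new device, updating a PIN, or creating an API key.

No doubt you will keep hearing about WebAuthn in the coming months. Android, Chrome, Firefox, Edge, Windows 10, and Safari (in preview) already support it.

Bullish is committed to building trust in digital assets, which is also why we invest heavily in keeping our clients secure. We are committed to staying at the forefront of technology to protect and secure every transaction on the platform. Technology keeps evolving, and our security protocols will keep evolving too.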


To learn more about how Bullish uses WebAuthn to protect user accounts, and about compatible devices, visit the link below:

Learn more

Original:

Using WebAuthn to create a more secure exchange.

Passwords have been a necessity of modern life. We use them to access our email, bank accounts, social media sites, and so many other online resources that help make our lives easier. But there’s a problem. Passwords are not as secure as most people think. 

Password policies often require complex mixtures of uppercase, lowercase, numbers, and special characters. On top of that, many systems want us to periodically, relentlessly, update our passwords. As a result, many people 1) pick the simplest password that matches the requirements, 2) write down their password, or 3) reuse the same password across all of their online accounts. All of these factors, and more, can compromise the security of accounts.

What’s worse, even if you do everything “right,” there is still no guarantee that the system you are using has implemented modern, strong cybersecurity controls to properly protect your password. If that system gets hacked, your password could become available to the hacker, which could let them access other systems where you reused that same password. In fact, according to the Verizon Business 2020 Data Breach Investigations Report, over 80% of hacking-related breaches leverage stolen or weak passwords. But what if we could solve this problem by effectively eliminating passwords altogether? That’s what we’ve done at Bullish.

The solution? Bullish uses a secure, multi-factor authentication process that incorporates layers of protection at every stage, which means more security for every transaction. And we have worked hard to ensure that these security layers are closely integrated and work smoothly together, so that our clients can navigate their transactions with ease.

One key element to the Bullish multi-factor authentication process is Web Authentication (WebAuthn), a web standard created by the World Wide Web Consortium (W3C) and the FIDO Alliance, with participation from some of the world’s top technology companies like Google and Microsoft.

WebAuthn eliminates many security vulnerabilities inherent with passwords by using “public key” or asymmetric cryptography. Instead of asking a user to provide and remember a complicated password, WebAuthn requires the use of either a physical security key (such as YubiKey) or an accepted built-in biometric security software protocol, such as fingerprint or facial recognition software.

When you log in to your Bullish account with WebAuthn, there is hardware-backed, cryptographic validation which not only alleviates the need to remember a complex series of characters for your password, but also provides a more robust mechanism for verifying your identity that is substantially more difficult to hack. And it eliminates Bullish’s need to store a password for you at all. 
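As an added illustration (not Bullish's code and not part of the original post), the Node.js sketch below shows the public-key check that the WebAuthn standard defines for a login: the server stores only a public key and verifies a signature over a fresh challenge, the calling origin, and a counter. The relying-party ID, origin, function names, and the software-simulated P-256 authenticator are all assumptions made for the example.

```javascript
// Added example: WebAuthn-style login check with a software-simulated authenticator.
// RP_ID, ORIGIN and every function name are assumptions made for this sketch.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const RP_ID = 'exchange.example';           // hypothetical relying-party ID
const ORIGIN = 'https://exchange.example';  // hypothetical expected origin
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Registration: the private key never leaves the authenticator; the server
// keeps only the public key and a signature counter, so no password is stored.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const newServerRecord = () => ({ publicKey, signCount: 0 });

// Simulated authenticator and browser; the browser, not the page, sets origin.
function signAssertion(challenge, origin, counter) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37);
  sha256(RP_ID).copy(authData, 0);      // bytes 0-31: SHA-256 of the RP ID
  authData[32] = 0x01;                  // byte 32: flags, user present (UP)
  authData.writeUInt32BE(counter, 33);  // bytes 33-36: signature counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server-side verification; returns 'ok' or the name of the check that failed.
function verifyAssertion(record, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== ORIGIN) return 'bad-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  if ((a.authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, record.publicKey, a.signature)) return 'bad-signature';
  const counter = a.authData.readUInt32BE(33);
  if ((counter || record.signCount) && counter <= record.signCount) return 'counter-regressed';
  record.signCount = counter;
  return 'ok';
}

// Demo: a fresh random challenge per login makes a captured response useless later.
const challenge = crypto.randomBytes(32);
console.log(verifyAssertion(newServerRecord(), challenge, signAssertion(challenge, ORIGIN, 1)));
```

A database leak from such a server exposes only public keys and counters, which cannot be replayed as credentials elsewhere the way a reused password can.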

WebAuthn is not only used in the initial onboarding process and ongoing user login; it is also used to authenticate key transactions on the exchange such as deposits and withdrawals, adding a new device, updating your PIN, or creating an API key.

You’ll no doubt be hearing more and more about WebAuthn in the months ahead. Android, Google Chrome, Mozilla Firefox, Microsoft Edge, Windows 10 and Apple Safari (in preview) already support it.

At Bullish, we’re devoted to building trust in digital assets, which is why we’re investing heavily in client security. We remain committed to staying ahead of the curve to protect and secure every transaction on our platform. And as technology evolves, so will our own security protocols.

For more information on how Bullish uses WebAuthn to safeguard user accounts, and to learn about compatible devices and more, visit the link below.

Discover more about our WebAuthn
