密码设置一般需要大小写、数字、特殊字符的组合。最重要的是，很多系统频繁要求我们定期更换密码。结果，很多人1）选择最简单的密码组合 2）写下自己的密码 3）利用同一套密码。这些都会影响账号安全。
Bullish这个多因素验证过程的一个重要组成部分是Web Authentication (WebAuthn)，这是万维网（W3C）和FIDO联盟共同制定的网络标准，参与制定的还有微软、谷歌等几个大科技公司。
无疑，未来几个月，你们会不停地听到WebAuthn的消息。安卓、Chrome, 火狐、Edge、Win 10和Safari（预览模式）已经支持它了
For more information on how Bullish uses WebAuthn to safeguard.
Using WebAuthn to create a more secure exchange.
Passwords have been a necessity of modern life. We use them to access our email, bank accounts, social media sites, and so many other online resources that help make our lives easier. But there’s a problem. Passwords are not as secure as most people think.
Password requirements often require complex mixtures of uppercase, lowercase, numbers, and special characters. On top of that, many systems want us to periodically, relentlessly, update our passwords. As a result, many people either 1) pick the simplest password that matches the requirements, 2) write down their password, and 3) reuse the same password across all of their online accounts. All of these factors, and more, can compromise the security of accounts.
What’s worse, even if you do everything “right,” there is still no guarantee that the system you are using has implemented modern, strong cybersecurity controls to properly protect your password. If that system gets hacked, your password could become available to the hacker, which could let them access other systems where you reused that same password. In fact, according to the Verizon Business 2020 Data Breach Investigations Report over 80% of hacking-related breaches leverage stolen or weak passwords. But, what if we could solve this problem by effectively eliminating passwords altogether? That’s what we’ve done at Bullish.
The solution? Bullish uses a secure, multi-factor authentication process that incorporates layers of protection at every stage, which means more security for every transaction. And we have worked hard to ensure that these security layers are closely integrated and work smoothly together, so that our clients can navigate their transactions with ease.
One key element to the Bullish multi-factor authentication process is Web Authentication (WebAuthn), a web standard created by the World Wide Web Consortium (W3C) and the FIDO Alliance, with participation from some of the world’s top technology companies like Google and Microsoft.
WebAuthn eliminates many security vulnerabilities inherent with passwords by using “public key” or asymmetric cryptography. Instead of asking a user to provide and remember a complicated password, WebAuthn requires the use of either a physical security key (such as YubiKey) or an accepted built-in biometric security software protocol, such as fingerprint or facial recognition software.
When you log in to your Bullish account with WebAuthn, there is hardware-backed, cryptographic validation which not only alleviates the need to remember a complex series of characters for your password, but also provides a more robust mechanism for verifying your identity that is substantially more difficult to hack. And it eliminates Bullish’s need to store a password for you at all.
WebAuthn is not only used in the initial onboarding process and ongoing user login, it is also used to authenticate key transactions on the exchange such as deposits and withdrawals, adding a new device, updating your PIN, or creating an API key.
You’ll no doubt be hearing more and more about WebAuthn in the months ahead. Android, Google Chrome, Mozilla Firefox, Microsoft Edge, Windows 10 and Apple Safari (in preview) already support it.
At Bullish, we’re devoted to building trust in digital assets, which is why we’re investing heavily in client security. We remain committed to staying ahead of the curve to protect and secure every transaction on our platform. And as technology evolves, so will our own security protocols.
For more information on how Bullish uses WebAuthn to safeguard user accounts, and to learn about compatible devices and more, visit the link below.