Bullish on security

Insights, Jan 6, 2022

Using WebAuthn to create a more secure exchange.

Passwords have been a necessity of modern life. We use them to access our email, bank accounts, social media sites, and so many other online resources that help make our lives easier. But there's a problem. Passwords are not as secure as most people think. 

Password policies often require complex mixtures of uppercase, lowercase, numbers, and special characters. On top of that, many systems want us to periodically, relentlessly, update our passwords. As a result, many people 1) pick the simplest password that matches the requirements, 2) write down their password, or 3) reuse the same password across all of their online accounts. All of these factors, and more, can compromise the security of accounts.

What's worse, even if you do everything "right," there is still no guarantee that the system you are using has implemented modern, strong cybersecurity controls to properly protect your password. If that system gets hacked, your password could become available to the hacker, which could let them access other systems where you reused that same password. In fact, according to the Verizon Business 2020 Data Breach Investigations Report, over 80% of hacking-related breaches leverage stolen or weak passwords. But what if we could solve this problem by effectively eliminating passwords altogether? That's what we've done at Bullish.

The solution? Bullish uses a secure, multi-factor authentication process that incorporates layers of protection at every stage, which means more security for every transaction. And we have worked hard to ensure that these security layers are closely integrated and work smoothly together, so that our clients can navigate their transactions with ease.

One key element to the Bullish multi-factor authentication process is Web Authentication (WebAuthn), a web standard created by the World Wide Web Consortium (W3C) and the FIDO Alliance, with participation from some of the world’s top technology companies like Google and Microsoft.

WebAuthn eliminates many security vulnerabilities inherent in passwords by using “public key,” or asymmetric, cryptography. Instead of asking a user to provide and remember a complicated password, WebAuthn requires the use of either a physical security key (such as a YubiKey) or an accepted built-in biometric mechanism, such as fingerprint or facial recognition.

When you log in to your Bullish account with WebAuthn, there is hardware-backed, cryptographic validation which not only alleviates the need to remember a complex series of characters for your password, but also provides a more robust mechanism for verifying your identity that is substantially more difficult to hack. And it eliminates Bullish’s need to store a password for you at all. 
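The login check described above, sketched as an added example (not Bullish's code): a simulated authenticator signs a server challenge, and the relying party verifies it using only a stored public key. The relying-party ID, origin, and function names are constructed for illustration; the signed layout follows the WebAuthn specification.

```javascript
// Added illustration of a WebAuthn login check; not Bullish's code.
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();
const RP_ID = 'exchange.example';              // constructed relying-party ID
const ORIGIN = 'https://exchange.example';     // constructed origin

// Registration: the authenticator creates the key pair; the server stores only the public key.
const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Simulated authenticator: signs authenticatorData || SHA-256(clientDataJSON).
function authenticatorSign(challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const flags = Buffer.from([0x05]);           // user present (0x01) + user verified (0x04)
  const signCount = Buffer.from([0, 0, 0, 1]);
  const authenticatorData = Buffer.concat([sha256(RP_ID), flags, signCount]);
  const signature = sign('sha256', Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Relying-party check: returns 'ok' or the reason the assertion is rejected.
function verifyAssertion(assertion, expectedChallenge, storedPublicKey) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return verify('sha256', signed, storedPublicKey, signature) ? 'ok' : 'bad signature';
}

// One login round, then three responses the server must reject.
function demo() {
  const challenge = randomBytes(32);
  const good = authenticatorSign(challenge, ORIGIN);
  const wrongOrigin = authenticatorSign(challenge, 'https://other-site.example');
  const tampered = { ...good, authenticatorData: Buffer.from(good.authenticatorData) };
  tampered.authenticatorData[36] ^= 0xff;      // alter a signed counter byte after signing
  return {
    good: verifyAssertion(good, challenge, publicKey),
    wrongOrigin: verifyAssertion(wrongOrigin, challenge, publicKey),
    replayed: verifyAssertion(good, randomBytes(32), publicKey), // old response, new challenge
    tampered: verifyAssertion(tampered, challenge, publicKey),
  };
}
console.log(demo());
```

The server side holds no secret: a leaked `publicKey` cannot be used to produce a valid signature, and a captured response fails against the next login's fresh challenge.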

WebAuthn is not only used in the initial onboarding process and ongoing user login, it is also used to authenticate key transactions on the exchange such as deposits and withdrawals, adding a new device, updating your PIN, or creating an API key.

You’ll no doubt be hearing more and more about WebAuthn in the months ahead. Android, Google Chrome, Mozilla Firefox, Microsoft Edge, Windows 10 and Apple Safari (in preview) already support it.

At Bullish, we’re devoted to building trust in digital assets, which is why we’re investing heavily in client security. We remain committed to staying ahead of the curve to protect and secure every transaction on our platform. And as technology evolves, so will our own security protocols.

For more information on how Bullish uses WebAuthn to safeguard user accounts, and to learn about compatible devices and more, visit the link below.

