We are dedicated to constantly improving our trading platform. Since the beginning, we were very serious about data security and developed the Exscudo Exchange as a safe and fail-proof platform.
However, we are prepared to take our safety standards even further and this post is an announcement of a future update that we are now preparing.
TABLE OF CONTENTS
Further Improvements To Security On The Exscudo Exchange
We are preparing a set of changes that will boost the security of the trading platform. We are going to:
- Change password scheme and implement a modern hash storage scheme by implementing the sharing of hash and site access between different groups of administrators and systems.
- Hashes will use the modern Argon2id standard. In addition, OTP 2FA codes for login and withdrawal will be stored separately.
- A pass-through channel with RSA 3072 encryption will be used to transfer passwords between the front-end and the security server.
- We also plan to introduce the FIDO U2F token. Eventually even for hardware encryption.
- We will raise the requirements for interservice encryption for server systems in our infrastructure. Access and maintenance policies are being revised to increase security by modifying access sharing.
- We are also going to change the support and risk managers’ access policy to KYC and user personal data.
- We will implement a system where a support agent can only see the information of a specific user and won’t have access to the entire database (line-by-line access).
- We will also see all the actions of support agents in the system and will be able to audit them.
How Will This Affect You As a User?
These updates are not to the functionality of the exchange and as a user, you will not notice any difference in the interface. However, due to the improvements in the backend security on the exchange will be improved significantly.
Important: note that to transfer to the new standards we will ask all users to change their passwords.
Domain name change
Also, note that my.exsudo.com will be changed to exscudo.exchange.
Conclusion
Exscudo Exchange already was a secure platform, however, this update will bring a significant increase in security. Security updates are made in accordance with NIST for systems operating even after 2030 and protected even from quantum computing attacks in the foreseeable future.
