At Switcheo, your security is of utmost importance to us, and Switcheo Exchange has implemented safeguards and protections to keep you safe.
Here are some web features that Switcheo has implemented:
CAA — We have implemented long lasting CAA records that will restrict issuance of SSL certificates to certain certificate authorities. This will increase the complexity of an attack with a valid certificate by preventing CAs and automated services such as LetsEncrypt from quickly provisioning certificates through DNS validation when the DNS service is compromised.
DNSSEC — DNSSEC is a recent extension to the DNS protocol, and we are actively looking to implement it. Due to the lack of support on AWS, our current DNS provider, we will need to use a different provider to implement it.
Extended Validation — EV SSL certificate enables browsers to show a company name beside the green lock on the address bar. In response to the breach, we have also begun provisioning a EV SSL certificate for our exchange domain. This will give users a second factor to check against, as it is generally harder and takes a longer time to provision an EV certificate. This will also increase the difficulty and reduce the impact of a similar attack.