NO ID and NO 2FA exchange

[audereyy]

I am looking for an exchange which:

1) is not scam
2) doesn't require ID for amounts higher than 5 BTC per day
3) doesn't require google/sms 2FA, because I don't have a google account and a mobile phone and don't plan to use these in the near future
4) hash user passwords properly so in case of db leak there will be no significant account hacks and lame excuses that we heard hundreds of times already


Binance was my best bet, but unfortunately it forces to add 2FA on the 'Withdrawals' page.

p.s. please if you are about to post 'blabla 2fa is good for your security' don't spend your time, this post is only for people who are not lame and able to take care of their credentials security themselves (also check 4th point above).

[OmegaStarScream]

How can a user know how the exchange is hashing passwords? I've never seen an exchange giving such info.

I'm pretty sure that all exchanges hash their passwords very well, they have experts for that but... If the password is not that complicated though, it really doesn't matter because there is always a possibility of a brute-force attack and also, they could find other excuses If an inside job is done.

What is it that you're looking to trade though? cryptocurrencies (If yes, which ones) or fiat? I couldn't find any exchange with the characteristics you mentioned, so I will suggest using Bisq which is a decentralized P2P exchange or simply use the forums here (currency exchange section).

[TryNinja]

~

If the exchange requires 2FA, you can just use a desktop software that does that so you don't have to buy a phone (e.g: WinAuth, or a Chrome extension like Authenticator).

Binance should do the job.

[bL4nkcode]

Using exchange with having no 2fa is like a suicide. But as far as I'm concern, 2fa is not mandatory in using exchanges, it's still at your own discretion.

For password hashing, no exchange gives related to this info on their about page or somewhere in their site. Most sites that security is a priority always do it, they just differs on what kind of password hashing algorithm they are using.

[PrivacyIsImportant]

I disagree with all the above posters except ts.

> I'm pretty sure that all exchanges hash their passwords very well [...]

Quite a common myth, please look at the amount of cryptomarket breaches for the past years including 2018. Exchanges care so much about 2FA just because most of them are not ready to take responsibility once their resources are hacked and 2FA minimizes the risk of unauthorized withdrawals. Most code base of crypto exchanges is acquired on Indian and Russian cheap outsource market, which is very well known for bad security, thus, forcing 2FA is more an excuse for bad security than some reasonable thing.
There is a well known fact there are 2 category of Internet users, these who care about their online security and these who don't. Unfortunately second party is bigger, but these who deal with online valuable assets and not only use facebook should be aware of security and they are responsible for their credentials in the first place.

To summarize, exchanges that force 2FA admit the possibility of being hacked which means they are not confident with security of their sites. An ability to create the exchange should not be enough requirement for launching it, the ability to secure it should be most priority.

[uanode]

To summarize, exchanges that force 2FA admit the possibility of being hacked which means they are not confident with security of their sites. An ability to create the exchange should not be enough requirement for launching it, the ability to secure it should be most priority.

I'd must agree on that. 2FA is only useful for people who really need it, these who don't use same passwords on all sites and have security in mind are safe, the rest is a responsibility of the exchange.
Having good password hashing is quite enough to protect user accounts even after database leak, unfortunately many players still choose simple algorithms such as md5 in order to increase authorization code performance.

[Slow death]

I am looking for an exchange which:

1) is not scam
2) doesn't require ID for amounts higher than 5 BTC per day
3) doesn't require google/sms 2FA, because I don't have a google account and a mobile phone and don't plan to use these in the near future
4) hash user passwords properly so in case of db leak there will be no significant account hacks and lame excuses that we heard hundreds of times already

Well, you know that with these requirements your only option will be yobit, of course yobit has many scam accusations and it's a shady exchange, but there are not many exchanges that you can use if you keep these conditions.

Binance was my best bet, but unfortunately it forces to add 2FA on the 'Withdrawals' page.

This is a boring system, but I like this system and they are right in using this system

[Pax04]

I have been looking for sooo long this type of exchange since WEX is out of the game. Tbh, they were only exchange without 2fa/id bullshit, so sad FBI got them.

Fully agree with op and PrivacyIsImportant, 2FA is useless for certain kind of people and I am one of them.
There was only 1 time in last 15 years when my account was 'hacked' and it was a site whose db was compromised and leaked, they kept passwords in plaintext. This was a good lesson for me to choose carefully what sites to trust my passwords.

[BitHodler]

I have been looking for sooo long this type of exchange since WEX is out of the game. Tbh, they were only exchange without 2fa/id bullshit, so sad FBI got them.

Fully agree with op and PrivacyIsImportant, 2FA is useless for certain kind of people and I am one of them.
There was only 1 time in last 15 years when my account was 'hacked' and it was a site whose db was compromised and leaked, they kept passwords in plaintext. This was a good lesson for me to choose carefully what sites to trust my passwords.

You fully agree with total stupidity? Wow. This is pretty shocking to be honest. It's already bad that people are too lazy to activate 2FA, but it's beyond anything to intentionally not want to use it to secure your account.

I am actually surprised that exchanges haven't yet forced 2FA security upon their users by now, because it's basic security etiquette and fits in the category of common sense. Not using it is asking for problems.

[Pax04]

You fully agree with total stupidity? Wow. This is pretty shocking to be honest.

I am very surprised of your understanding of the stupidity term, but actually total stupidity is what you just did - making offensive speech without any correct argument.
If you need 2FA it's your choice and it's of course good for you in case you are not confident with yourself, but please don't speak for others. My argument was pretty clear and it will only make sense for people who know at least a little about information security. Now I understand why op actually wrote this:

this post is only for people who are not lame and able to take care of their credentials security themselves

[audereyy]

Oh, that escalated quickly.

Quite a common myth, please look at the amount of cryptomarket breaches for the past years including 2018. Exchanges care so much about 2FA just because most of them are not ready to take responsibility once their resources are hacked and 2FA minimizes the risk of unauthorized withdrawals. Most code base of crypto exchanges is acquired on Indian and Russian cheap outsource market, which is very well known for bad security, thus, forcing 2FA is more an excuse for bad security than some reasonable thing.
There is a well known fact there are 2 category of Internet users, these who care about their online security and these who don't. Unfortunately second party is bigger, but these who deal with online valuable assets and not only use facebook should be aware of security and they are responsible for their credentials in the first place.

To summarize, exchanges that force 2FA admit the possibility of being hacked which means they are not confident with security of their sites. An ability to create the exchange should not be enough requirement for launching it, the ability to secure it should be most priority.

Thank you for sharing this important point of view, it is exactly what I had in mind while creating this thread and believed it wasn't only me, so I was right.

I understand that some may disagree and protest about that, but the subject of this thread says NO 2FA so please guys, keep flame and discussions about importance of 2FA in some other thread, all above opinions on that subject were quite enough.

From now I will ask you to only post exchange suggestions that match my subject description without offtopic, we don't really need any pollution there.

Just to remember, I am looking for exchanges that are:

• not scam
• don't require ID
• don't require google/sms 2FA


Let's stay on-topic please.

[LTU_btc]

I think that 2FA on most exchanges is optional and you aren't forced to use it. You can disable 2FA if you want.
About verification, as I know Bitmex doesn't require for ID verification, you can try to check it.

I am actually surprised that exchanges haven't yet forced 2FA security upon their users by now, because it's basic security etiquette and fits in the category of common sense. Not using it is asking for problems.

I'm not surprised at all. I don't think that 2FA must be mandatory on exchanges. First of all, it would create problems for users like OP who don't have smartphones. If you want extra security you can enable 2FA, if you don't care about it you can just not to use it. Even such online banks like PayPal didn't forced all their users to use 2FA.

[magneto]

Your second requirement is really hard to fulfill given the nature of KYC and AML laws in most countries.

Binance and Kucoin both have limits of under 2 BTC per day AFAIK, and they obviously need your 2FA info.

The only things that are close to exchanges that I could think of is Localbitcoins and Paxful that will be able to do this to you. They're p2p exchanges obviously and not the usual "orderbook" layout, but they do not require 2FA to withdraw and they allow anonymous accounts. LBC does have a trading threshold which no one knows exactly about, beyond which you'd have to verify yourself but I don't think Paxful has this requirement.

There's an increasing amount of traders on there that trade with alts as well as fiat, but of course, not going to get the same rates as traditional exchanges that are not p2p.

[TryNinja]

~

LBC now requires KYC.

AFAIK, depending on the method of payment, you may also need to do a KYC verification when using Paxful.

[OmegaStarScream]

LBC now requires KYC.

AFAIK, depending on the method of payment, you may also need to do a KYC verification when using Paxful.

It's not mandatory in Paxful's case. It depends on the user you're trading with most of the time, some of them ask for ID for manual verification just to be safe.

If you do KYC with Paxful itself, that will make you a verified vendor and will also give you some benefits.

[magneto]

~

LBC now requires KYC.

AFAIK, depending on the method of payment, you may also need to do a KYC verification when using Paxful.

Yeah, LBC does require KYC but only once you reach a significant trading volume.

But in Paxful's case, most of the payment methods I'd say you are able to find advertisements running without verification as a requirement. Of course, that will result in much worse off rates for the buyer.

But based on OP's requirements, these are the only two that can come close. If you have this many requirements regarding anonymity, legitimacy, and security/2FA, you're going to have to be comfortable with taking a haircut in terms of rates.