
Two-thirds of top e-commerce sites still accept the weakest passwords

Two-thirds of top e-commerce sites still accept the weakest passwords, such as “123456” and “password”, without warning users that these are the very first passwords hackers will use in attempts to breach their accounts, according to a survey of 100 leading sites by password manager company Dashlane.

Two-thirds of the British companies surveyed, including Amazon UK, make no attempt to block users after 10 incorrect password entries. This could allow hackers to run malicious software which attempts multiple log-ins in an effort to breach user accounts.

The survey, which focused on 100 e-commerce sites in the UK, found that one-quarter of sites still emailed passwords in plain text, and that 60% of sites still failed to advise users on creating stronger passwords.

“It’s clear that it’s time for companies to implement better password security, which can be done cheaply and quickly using open-source technology,” the company’s Ashley Thurston writes. “On the flip side, consumers can protect themselves by creating strong passwords that are long (more than 8 characters), complex (include a letter, number, a mix of upper and lower case letters, and/or symbols).”

The survey scored companies +1 or -1 against each criterion, such as requiring alphanumeric passwords, emailing users when a password was changed, and showing a password-strength meter so users could see when they had chosen a strong password, to arrive at a total between 100 and -100. Overall, Apple scored highest for good security practice.
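As an added illustration (not Dashlane's or the article's own code), the Python below sketches the three controls the survey scores sites on: rejecting the most-guessed passwords with a warning instead of silently accepting them, enforcing the length and character-mix advice quoted above, and locking an account after 10 failed logins. The three-of-four character-class rule and the denylist entries beyond "123456" and "password" are my assumptions.

```python
"""Password-acceptance and lockout checks modelled on the survey's criteria."""
import re
from dataclasses import dataclass, field

# "123456" and "password" are the weak passwords named in the article; the
# other entries are constructed stand-ins for a real breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "letmein"}

MAX_FAILED_ATTEMPTS = 10  # the lockout threshold the survey checked for


def password_problems(candidate: str) -> list[str]:
    """Return the policy violations for a proposed password (empty list == accepted).

    Sites in the survey lost points for accepting the weakest passwords without
    warning; returning the reasons lets the sign-up form tell the user why.
    """
    problems = []
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("among the most commonly guessed passwords")
    if len(candidate) <= 8:  # the article's advice: more than 8 characters
        problems.append("must be longer than 8 characters")
    # Count character classes present; "complex" is interpreted here as
    # at least three of lower, upper, digit and symbol (an assumption).
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    return problems


@dataclass
class LoginGuard:
    """Tracks failed logins per account and locks after MAX_FAILED_ATTEMPTS."""
    failures: dict = field(default_factory=dict)

    def record_attempt(self, account: str, success: bool) -> str:
        """Return 'ok', 'retry' or 'locked' for one login attempt."""
        if self.failures.get(account, 0) >= MAX_FAILED_ATTEMPTS:
            return "locked"  # stays locked even if the guess is now correct
        if success:
            self.failures.pop(account, None)  # reset the counter on success
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILED_ATTEMPTS:
            return "locked"
        return "retry"
```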

The current survey is a companion to Dashlane’s previous surveys of U.S. e-commerce sites, which performed slightly better than UK companies across virtually all categories, as shown in Dashlane’s detailed breakdown here. As The Register notes, the UK results are more encouraging than those from France, where nearly one in two sites send passwords and account confirmations via email in plain text.

Veteran security writer Graham Cluley details some of the difficulties in persuading users to practise good password hygiene – and some solutions – in a We Live Security blog post here.

Charles Love has been working in the IT Support and Consulting field since 1997. Before IT, Charles was working on his FAA A&P Airline Mechanic Certification in Queens, New York. Charles' first managed services position was in 2001 in Farmingdale, Long Island; back then MSPs were called Solution Providers. Throughout his career he has provided valuable consulting to various types of customers and technologies throughout North America. Charles started out as the first full-time hire of Big Sur's now rapidly growing technical support team. As Director of Service and Cloud Operations, Charles' role includes developing new and streamlined processes for all of Big Sur's offerings and leading Big Sur's highly talented team of engineers.