Big ecommerce brands fail password security tests

Dashlane, a password management system and digital wallet, has published some pretty interesting information about how different online shopping sites look after their user’s passwords. It actually makes for reasonably shocking reading.

They discovered that 66% of the sites they examined accept notoriously weak passwords such as “123456” or “password”. This puts users in danger as these are often the first passwords hackers use when trying to breach accounts.

And also 66% make no attempt to block entry after 10 incorrect password entries (including Amazon UK, Next, Tesco and New Look). This simple policy prevents hackers from using malicious software that can run thousands of passwords during log-ins to breach accounts.

60% do not provide any advice on how to create a strong password during signup, and only 14% display a password meter to help their users gauge the strength of their chosen password.

And this is a real bugbear of mine. 25%, including The Body Shop, Clarks and Superdrug, send passwords in plain text via email letting any hacker that has access to your email account sign in to your other accounts.

Now, of course, looking after our online safety is our own responsibility but it’s surprising how many big players aren’t helping us take basic precautions.