Big ecommerce brands fail password security tests

By Dan Wilson March 6, 2014 - 6:23 pm

Dashlane, a password management system and digital wallet, has published some pretty interesting information about how different online shopping sites look after their user’s passwords. It actually makes for reasonably shocking reading.

They discovered that 66% of the sites they examined accept notoriously weak passwords such as “123456” or “password”. This puts users in danger as these are often the first passwords hackers use when trying to breach accounts.

And also 66% make no attempt to block entry after 10 incorrect password entries (including Amazon UK, Next, Tesco and New Look). This simple policy prevents hackers from using malicious software that can run thousands of passwords during log-ins to breach accounts.

60% do not provide any advice on how to create a strong password during signup, and only 14% display a password meter to help their users gauge the strength of their chosen password.

And this is a real bugbear of mine. 25%, including The Body Shop, Clarks and Superdrug, send passwords in plain text via email letting any hacker that has access to your email account sign in to your other accounts.

Now, of course, looking after our online safety is our own responsibility but it’s surprising how many big players aren’t helping us take basic precautions.

Comments are closed.

Recent Comments

1 min ago
Jonah: @ Alan P Yes I quite agree Alan, I think returns are up across the board...
2 hours ago
Robert Temple Booksellers: Robert Temple Booksellers have not advertised on ABE since 2006 because of their unwillingness to...
3 hours ago
alan paterson: @ Jonah, I must admit our returns are up as well. But they have been...
3 hours ago
alan paterson: we made the decision not to sell to the EU on Amazon due to our...