Big ecommerce brands fail password security tests

By Dan Wilson March 6, 2014 - 6:23 pm

Dashlane, a password management system and digital wallet, has published some pretty interesting information about how different online shopping sites look after their user’s passwords. It actually makes for reasonably shocking reading.

They discovered that 66% of the sites they examined accept notoriously weak passwords such as “123456” or “password”. This puts users in danger as these are often the first passwords hackers use when trying to breach accounts.

And also 66% make no attempt to block entry after 10 incorrect password entries (including Amazon UK, Next, Tesco and New Look). This simple policy prevents hackers from using malicious software that can run thousands of passwords during log-ins to breach accounts.

60% do not provide any advice on how to create a strong password during signup, and only 14% display a password meter to help their users gauge the strength of their chosen password.

And this is a real bugbear of mine. 25%, including The Body Shop, Clarks and Superdrug, send passwords in plain text via email letting any hacker that has access to your email account sign in to your other accounts.

Now, of course, looking after our online safety is our own responsibility but it’s surprising how many big players aren’t helping us take basic precautions.

Comments are closed.

Recent Comments

38 mins ago
Stephen Wright: Great idea... tax something that is doing well to support something that is outdated in...
3 hours ago
Bryn: VAT should be starting ground for tax reforms. Make it more of a sales tax....
13 hours ago
Garry Hall: My problem was when I amended a mistake in a listing my selling section then...
13 hours ago
rich: I have just had an interesting IM Chat with ebay on this issue and they...