Password Protection – Shocking New Study

Password Protection – Shocking New Study

With cases of hacking and identity theft (many affecting high-profile companies) a regular feature in the news, you would think that online security would be the issue forefront in the minds of operators of e-commerce websites. Sadly and shockingly, this does not appear to be the case according to the results of a study by online password manager Dashlane, who found that many websites are allowing extremely unsafe passwords to be used by customers.

The results of the study, Dashlane’s second regarding internet security, focused on the password security practices of the top 25 e-commerce websites in the UK. Results showed that:

  • 80% of the websites studied (four out of every five) did not require the use of a symbol/number and capital letter in user passwords

  • An astonishing 16% of the e-commerce websites allowed phrases from a list of ten most-used passwords. Websites including River Island, Asda Groceries and Wickes accepted passwords such as ‘123456’, ‘abc123’ and, almost unbelievably, the word ‘password’ itself

  • More than half of the studied sites (56%) allowed users to choose a password of less than 8 characters - these included Amazon UK, eBay and IKEA

  • Apple, with its requirement for long and complex alphanumeric passwords, achieved an optimum score and was ranked the highest in the study. Closely following were Very, Boots and John Lewis

  • Improvements on the initial study had been made, with the total number of sites accepting the ten most-used passwords decreasing from 42% to 16%. The percentage of sites requiring a password containing a number, symbol and/or capital letter increased to 72% from 42%

Emmanuel Schalit, the Chief Executive at Dashlane, opined that improving password security would not necessitate ‘wholesale changes’ to e-commerce websites. “It is extremely easy for even the most basic website to implement strong password requirements… given that it’s 2015, no website, regardless of how large or small it is, has an excuse for not implementing security policies that will better secure their users, as well as maintain the integrity of the brand by protecting the company from malicious attacks”, he said.

Don’t gamble with your customers’ data - find out how to implement the best internet security practices with Brick technology  by calling our team today.

Posted in Blog on