
Online retail giants in the UK are jeopardising customer security through inadequate password protocols

Online shoppers are expected to buy over two-thirds of their Christmas gifts digitally in a year marked by significant security breaches, according to a recent report by password management experts.

A recent study by password manager Dashlane found that the majority of the UK's most popular e-commerce sites have inadequate password policies. The study, which evaluated the password requirements of various retailers, found that only a few met the minimum standards for strong passwords.

Emmanuel Schalit, CEO of Dashlane, stated that a strong password should be at least eight characters long and contain letters as well as numbers or symbols. He added that while the numbers indicate retailers are moving in the right direction, much work remains to be done.

The study found that 80% of the sites examined did not meet the minimum score of +50. Shockingly, 16% of the sites allow users to have the ten most common passwords, including 'password,' 'abc123' and '12345.' This is concerning as such passwords are easily guessable and leave users vulnerable to hacking.

However, there were some positive findings in the study. For instance, Apple received a perfect score for the third time in a row for its strong password requirements. Apple requires long, complex alphanumeric passwords, making it difficult for hackers to easily guess passwords and access accounts.

eBay and House of Fraser also improved their password requirements, leading to an increase in their scores. Those that did not meet the minimum score, such as Asda Groceries, River Island, Amazon UK, Debenhams and Wickes, do not require users to have a capital letter and a number/symbol combination.

The study also identified several German online retailers with weak password policies, including those that allow simple or commonly used passwords, lack multifactor authentication, or enforce minimal password length requirements. Compared to the previous study, some retailers have improved their policies by introducing mandatory two-factor authentication and stricter password complexity rules, while others have maintained or slightly weakened their standards.

It's worth noting that given it's 2021, no website has an excuse for not implementing security policies that will better secure their users. Schalit mentioned that it's encouraging to see positive password security trends in the e-commerce world.

The study also found that 56% of sites allow users to have passwords shorter than eight letters, and 52% of the sites received negative scores, meaning that they had exceptionally weak password requirements. The number of sites that allow 10+ brute-force logins decreased from 57% to 40%.
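The requirements discussed in this article (at least eight characters, letters plus a number or symbol, rejecting the common passwords named above, and capping repeated failed logins) can be enforced server-side along these lines. This is an added example, not code from Dashlane or any retailer; the function and class names, the five-failure cap and the 15-minute lockout are assumptions.

```python
import time
import unicodedata

# Constructed denylist: only the three passwords the article names.
COMMON_PASSWORDS = {"password", "abc123", "12345"}
MIN_LENGTH = 8
MAX_FAILURES = 5       # assumed cap, below the study's 10-attempt mark
LOCKOUT_SECONDS = 900  # assumed lockout window


def check_password(candidate):
    """Return a list of policy violations; an empty list means accepted."""
    pw = unicodedata.normalize("NFKC", candidate)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(not c.isalpha() and not c.isspace() for c in pw):
        problems.append("no number or symbol")
    if pw.casefold() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    return problems


class LoginThrottle:
    """Lock an account after MAX_FAILURES consecutive failed logins."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # account -> (count, time of last failure)

    def is_locked(self, account):
        count, last = self._failures.get(account, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self._clock() - last >= LOCKOUT_SECONDS:
            del self._failures[account]  # lockout expired, start over
            return False
        return True

    def record(self, account, success):
        if success:
            self._failures.pop(account, None)  # reset on a good login
            return
        count, _ = self._failures.get(account, (0, 0.0))
        self._failures[account] = (count + 1, self._clock())
```

The login handler should call `is_locked` before verifying credentials and `record` afterwards, so that guesses made during a lockout are refused without being checked.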

With two-thirds of shoppers planning to make their Christmas shopping purchases online this year, it's essential that retailers prioritise the security of their users' accounts. By implementing strong password policies, retailers can help protect their customers from the threat of hacking and ensure a safe and secure online shopping experience.
