E-commerce sites criticised over enabling weak password users

Wednesday, March 19, 2014 - 16:18 by Mike Price

A new report from Dashlane, has looked at the way that British websites offering safe shopping online handle passwords from users, revealing that many sites do not do enough to protect shoppers from themselves, when it comes to the strength of the phrases that allow them access to their accounts.

Consumers are regularly reminded that it is dangerous to use a weak password when creating an account on an e-commerce site, although tens of thousands of people regularly fail to heed this warning and end up using basic, easy to guess phrases, like ?password? or ?12345,? according to The Register.

Two thirds of the shopping sites covered by the study have been accused of making it easy for third parties to gain unwarranted access to e-commerce accounts, by not preventing multiple attempts at password input.

Ten or more tries to guess the password can be made on these sites without any ramifications, letting hackers use brute force to keep inputting common, weak passwords, until they get the right combination.

While shopping online does not hinge solely on the password, it is one of the most important aspects. And the responsibility for ensuring it is not easy to exploit lies both with the consumer and the retailer.

The report did identify a few sites which are considered to offer good levels of data protection to shoppers, with Apple coming out on top in this respect. Travelodge was also highly rated by researchers, which is good news, since three years ago it suffered a data breach and has obviously learned from its mistake.

People should pick which e-commerce sites to use based on the levels of protection they offer, because you cannot put a price on data security when it comes to online shopping.