Shopping sites criticised for poor password policies

Wednesday, November 25, 2015 - 12:20 by Mike Price

Although the state of e-commerce password systems in the UK is improving, a new report from Dashlane has found that there are still many mainstream shopping sites which do not do enough to ensure that customers adopt safe phrases, to prevent malicious third parties from logging into their accounts.

The study found that 56 per cent of sites which purport to offer safe shopping online to British consumers do not insist that customers create passwords with a minimum of eight characters. And 40 per cent of sites were revealed to allow more than 10 login attempts, meaning that hackers can repeatedly try different passwords until the correct one is found.

Most worrying of all is the fact that four fifths of sites do not require that customers use symbols or numbers as part of their passwords, effectively enabling the most basic and easily guessed phrases to be repeatedly deployed, according to The Register.

The good news is that the study also unearthed some retailers and companies which offer an especially secure approach to password creation, with mobile maker, Apple, singled out as the best in the business at the moment. This is thanks to the fact that all customers must use passwords which not only contain letters and numbers, but also meet minimum length requirements and must not match a list of the most common phrases used.

While Apple came away on top in terms of offering safe shopping online from a password perspective, close runners-up were companies like Boots and John Lewis.

This issue boils down to the fact that shoppers will usually pick an easy to remember phrase as their password, but these can often be exploited by hackers. So sites must be designed to insist on strong password practices to avoid breaches occurring.