Friday, 14 March 2014

UK Etailers Fail Password Test

UK ecommerce sites have been urged to tighten password security after a survey found that two thirds accept worryingly weak phrases.

Two in three of the top 100 UK ecommerce sites accepted passwords including '123456' and 'password', according to a report on The Register. The research by password manager Dashlane found that the same number - around 66 per cent - failed to block users after 10 incorrect password entries.

Those included Amazon UK, Next, Tesco and New Look. Dashlane said hackers often run programs that can make thousands of password attempts, which retailers could easily block by limiting the number of attempts that can be made.

Dashlane measured 26 criteria such as minimum password length, acceptance of the most commonly hacked passwords and whether passwords were displayed in plain text. Teletext Holidays, Urban Outfitters and Holland & Barrett received the three lowest scores. Virgin Atlantic and Ocado also ranked among the lowest.

Apple was the most secure, followed by Travelodge UK.

Despite the poor performance, the UK was streets ahead of some of its European neighbours. In France, for example, almost one in two sites email passwords, account confirmation or reset password emails in plain text. US sites performed better.
