Friday, January 24, 2014

The illusion of personal data security in e-commerce: Dashlane Q1 2014 Personal Data Security Roundup

New York, NY (PRWEB) January 24, 2014

Today, Dashlane announces the first edition of its quarterly Personal Data Security Roundup.

Consumers increasingly share their personal data, including payment information, with a growing number of e-retailers. The keys that protect this personal data are the passwords used for these sites, and weak passwords could be disastrous for the security of that data. Dashlane ranks the password policies of the top 100 e-retailers and reveals some serious concerns.

The Roundup assesses the password policies of the top 100 e-commerce sites in the United States by examining 24 different password criteria that Dashlane has identified as important for online security, and awarding or deducting points depending on whether a site meets a criterion or not. Each criterion is given a +/- point value, leading to a possible total score between -100 and 100 for each site.

Main results:
- 55% still accept notoriously weak passwords such as "123456" or "password"
- 51% make no attempt to block entry after 10 incorrect password entries (including Amazon, Dell, Best Buy, Macy's and Williams-Sonoma)
- 64% have highly questionable password practices (receiving a negative total score in the roundup)
- 61% do not provide any advice on how to create a password during signup, and 93% do not provide an on-screen password strength assessment
- Only 10% scored above the threshold for good password policies (i.e., 45 points or more in the roundup)
- 8 sites, including Toys "R" Us, J. Crew and 1-800-Flowers.com, email passwords in plain text

Apple received the highest rating and was the only retailer to receive a perfect score, while Newegg, Microsoft, Chegg (tied for second) and Target rounded out the top 3.

MLB.com, Puresmokeonline and Dick's Sporting Goods received the three lowest scores. Amazon, Walmart, Victoria's Secret and Toys "R" Us were among the lower-ranked sites, each receiving a score of -35 or below.

These results are worrying, especially when considered in the context of numerous recent security problems at major online retailers such as Starbucks. They suggest that some e-commerce sites in the United States fail to implement basic password policies that could adequately protect the personal data of their users.

Users at risk

The danger of a weak password policy is that it leaves users' personal data vulnerable. The weaker the password, the easier it is for hackers to break into an account. Therefore, sites with lenient password policies leave their users exposed to greater risk.

Most sites accept the ten most commonly used passwords, such as "123456", "111111" and even the word "password". Dashlane also discovered that 62% do not require a combination of letters and numbers, and 73% accept passwords with 6 characters or less. MLB even allows users to use the word "baseball" as their password.

In addition to allowing weak passwords, a number of e-commerce sites do not lock users' accounts after repeated failed login attempts. Numerous sites, including Amazon and Dell, allow login attempts to continue uninterrupted even after 10 incorrect password entries. One of the easiest methods hackers use to break into an account is automated entry of commonly used passwords. Restricting access to an account after multiple incorrect entries is a simple way to curb this tactic.

When you combine the two previous issues, it is easy for hackers to access many accounts, because they can try commonly used passwords repeatedly without being blocked.

Also among the most dangerous practices is sending passwords in plain text by email. Fortunately, this practice was not common, but the study found that several sites, including Toys "R" Us, J. Crew and 1-800-Flowers.com, still email users their passwords in plain text.

The solution is simple

To make their password policies more secure, Dashlane recommends that e-commerce sites adopt some simple policies:

- Require that passwords contain at least 8 characters and a combination of upper and lowercase letters, numbers and symbols
- Block account access after 4 failed logins
- Give users on-screen advice on choosing a strong password during signup
- Provide users with an on-screen password strength assessment while they choose a password

All of these practices can be implemented cheaply and quickly with available open source technology. A number of sites in the top 100, including Williams-Sonoma, Chegg and CDW, have already implemented many of these practices.
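The first two recommended policies, the composition rule and the lockout after 4 failed logins, as an added Python example that is not Dashlane's or any retailer's code. The names `policy_violations` and `LoginThrottle`, the 15-minute lock duration and the check for decorated common passwords are assumptions of this example.

```python
import string
import time

# Weak passwords the roundup names as still accepted by many sites.
COMMON = {"123456", "111111", "password", "baseball"}
MIN_LENGTH = 8         # recommended minimum length
MAX_FAILURES = 4       # recommended lockout threshold
LOCKOUT_SECONDS = 900  # assumption: the roundup gives no lockout duration
RULES = [(str.isupper, "no uppercase letter"),
         (str.islower, "no lowercase letter"),
         (str.isdigit, "no number"),
         (lambda c: c in string.punctuation, "no symbol")]


def policy_violations(password):
    """Return the recommended rules that the password breaks."""
    problems = [msg for test, msg in RULES if not any(map(test, password))]
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # Assumption beyond the page: reject decorated common words ("Password1!").
    letters = "".join(c for c in password.lower() if c.isalpha())
    if password.lower() in COMMON or letters in COMMON:
        problems.append("based on a commonly used password")
    return problems


class LoginThrottle:
    """Locks an account after MAX_FAILURES consecutive failed logins."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}      # account -> consecutive failed logins
        self.locked_until = {}  # account -> clock value when the lock ends

    def is_locked(self, account):
        return self.clock() < self.locked_until.get(account, 0.0)

    def record(self, account, success):
        """Record a login result; return True if the account is now locked."""
        if self.is_locked(account):
            return True  # attempts during a lock are refused, not counted
        if success:
            self.failures.pop(account, None)
            return False
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
            self.failures.pop(account, None)
        return self.is_locked(account)
```

A timed lock rather than a permanent one keeps an attacker from shutting a legitimate user out indefinitely by failing logins on purpose.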

Some retailers may argue that such requirements hurt user convenience, but companies like Apple, arguably the most famous brand on the list, have shown that it is possible to be both secure and successful. In every category we tested, Apple implemented the 4 simple policies and procedures that we recommend above. These policies resulted in the company being awarded the only perfect score in the study.

Target, Nike and Microsoft also received high scores, as all of them require users to have strong passwords containing letters, numbers and upper/lower case combinations.


