A shocking lapse in basic cybersecurity practices may leave online holiday shoppers vulnerable this season, warns a study by Dashlane Security.
In a survey of the 25 most popular online retailers, 80 percent of websites did not meet Dashlane’s standard for a “minimum secure password threshold.” Apple scored best and was the only site with a perfect score. Dick’s Sporting Goods got the lowest score.
“A strong password is at least eight random characters long, and contains a mix of capital letters, lowercase letters, and numbers and/or symbols,” Dashlane CEO Emmanuel Schalit said in a statement. “This complexity is what keeps hackers from easily guessing your password.”
A wide shift towards online retail over the last decade — Dashlane estimates that nearly 50 percent of all holiday shopping will take place over the Internet in 2015 — has drastically increased the pool of potential hacking victims globally and upped the cybersecurity ante for retail firms.
Yet, according to the study, 72 percent of sites do not require passwords with a capital letter and a number or symbol, and nearly a third commit the security taboo of accepting the 10 most common passwords, including “password.”
Dashlane analyzed sites on 22 criteria, creating composite scores for each company that ranged from -100 to +100, with a score of +50 standing as the minimum safe password requirement. Apple, Target and Best Buy topped the list, with scores of 100, 85, and 75, respectively.
The weakest retailers were Dick’s Sporting Goods, Walmart and Amazon, with scores of -70, -65 and -44, indicating “dangerously weak password requirements.” Overall, 44 percent of sites received a negative score.
“It is encouraging to see positive password security trends in the world of e-commerce,” Schalit said. “Yet, while the numbers indicate retailers are moving in the right direction, much work remains. It’s 2015, so no website has an excuse for not implementing security policies that will better secure their users.”