After examining the password policies of the top 100 e-commerce websites in France and the United States, Dashlane has also reviewed the most popular sites in the United Kingdom.
Internet users will often set weak passwords such as “123456” or “password” because they’re easy to remember. The worst part is that they use the same password for all their online accounts.
This makes it easy for hackers to breach online accounts and use them for all sorts of malicious purposes. To prevent their customers from setting easy-to-guess passwords, many websites have implemented policies that force users to choose longer passwords made of both uppercase and lowercase letters, symbols and numbers.
Unfortunately, 66% of the top 100 e-commerce websites in the UK still allow their customers to set “123456” or “password” as a password. The same percentage – including Amazon, Tesco, New Look and Next – don’t block accounts after 10 incorrect login attempts. This makes the accounts susceptible to brute-force attacks.
Not only they don’t require users to set strong passwords, 60% of websites don’t even provide advice on how to do so when the account is created. Only 14% of services display a meter that informs internauts about the strength of the password they’re about to set.
So which company has the best password policies? It turns out that Apple does. Apple is followed by Travelodge UK. Urban Outfitters ranked the lowest. 11 companies have obtained the second lowest score.
Compared to the results from the France and US studies, the UK is, on average, somewhere in the middle – it’s worse than in the US, but better than France.
“It’s clear that it’s time for companies to implement better password security, which can be done cheaply and quickly using open-source technology,” Dashlane’s Ashley Thurston wrote in a blog post.
“On the flip side, consumers can protect themselves by creating strong passwords that are long (more than 8 characters), complex (include a letter, number, a mix of upper and lower case letters, and/or symbols),” Thurston added.
Users who can’t remember complex passwords are advised to use a password manager. Such tools are useful because you only need to remember one master password, the rest being safely stored inside the application.
Dashlane has a free password manager that’s worth trying out. It’s available not only for desktop computers, but also for iOS and Android devices.
The complete Personal Data Security Roundup for the UK is available on Dashlane’s website.