Skip to main content

Top UK retailers putting online customers at risk

If you were thinking about doing your holiday shopping online, make sure you be extremely careful, as e-retailers don't have solid safety policies, new research shows.

According to the E-Commerce Security Roundup study by password manager Dashlane, the majority of the UK’s most popular e-commerce sites have unsafe password practices. This leaves online shoppers vulnerable to increasingly sophisticated hacking attacks.

Overall, 80 per cent of the sites Dashlane examined did not meet the minimum score of +50, and 52 per cent received negative scores, indicating they have exceptionally weak password requirements. Dashlane’s testers found that 80 per cent of the sites they examined do not require users to have a capital letter and a number/symbol combination in their password.

They also found that 56 per cent of sites allow users to have a password less than eight characters long, including IKEA, Amazon UK, and eBay.

Further analysis revealed that 16% allow users to have use 10 of the most common (and weakest) passwords as their password. This means users on sites such as Wickes, River Island, and Asda Groceries can use easily guessable passwords, such as ‘password,' ‘abc123’, and ‘123456’.

For the third time in a row, Apple received a perfect score and was the highest ranked site in the Dashlane study. Apple requires long, complex alphanumeric passwords, and does not accept easily hackable passwords. Several notable sites also have strong password requirements, including Boots, John Lewis, and Very.

Another improvement was seen in the percentage of sites that require a letter and/or number or symbol that increased from 42 per cent to 72 per cent. Two examples of this were Ebay and House of Fraser, whose scores both rose because their password requirements became stricter.