You are currently viewing Shopify Risking Customers Data by Employing Weak Password Policy

Shopify Risking Customers Data by Employing Weak Password Policy

Specops Software, a password manager, and authentication solutions vendor published a new report this week disclosing that e-commerce giant, Shopify with more than 3.9 million live websites globally, employs weak password policies on the user-facing section of its website. 

To create a Shopify account, users only need to create a password that is at least five characters in length and that does not begin or end with a space. 

Threat analysts at Specops examined a list of a billion breached passwords and unearthed that nearly every (99.7%) of those passwords comply with Shopify’s requirements. However, this does not mean that Shopify customers’ passwords have been breached, in fact, it only highlights the threats linked with using weak passwords. 

Shopify headquartered in Ottawa, Ontario was founded in 2006 by Tobias Lütke, Daniel Wenand, and Scott Lake following the trio’s failure to find a suitable off-the-shelf e-commerce platform for a planned snowboarding store, Snowdevil. 

Risk of using weak passwords 

According to security analysts at Specops, password attacks work because the majority of businesses require users to set short-length passwords. For example, starting with a common word, followed by a number and/or special character. The length of the password is also very defensive. 

Earlier this year, Hive Systems, a cybersecurity firm, analyzed the amount of time required to brute force crack passwords of multiple lengths and with different levels of complexity. The security analysts discovered that a five-character password can be easily breached, irrespective of complexity. Given the ease with which hackers can crack shorter passwords, organizations ideally require complex passwords that are at least 12 characters in length. 

Enterprises risking users’ data safety 

According to the survey conducted by identity management vendor Hitachi ID, nearly 46% of enterprises store corporate passwords in office documents like spreadsheets making them vulnerable to a significant cyber threat. Hitachi ID surveyed 100 executives across EMEA and North America to recognize better how secure their password management is. 

It suggests that businesses aren’t practicing what they preach because almost all (94%) participants asserted they need password monitoring training, with 63% claiming they do so more than once a year.

Enhancing IT security 

This, of course, raises the question of what businesses require to strengthen their overall password security. Perhaps the most critical recommendation would be to set a password requirement that is longer and more complex than what is currently used.
Businesses can employ Windows operating systems containing account policy settings to control password length and complexity requirements.

Additionally, organizations can use Specops Password Policy to restrict users from designing passwords vulnerable to dictionary assaults by blocking commonly employed passwords. This might include using consecutive repeating characters (such as 99999) or replacing letters impersonating symbols (such as $ instead of s).



Read the full article here

News Room

Cybervizer is a blog and podcast site that focuses on the latest technology and cybersecurity topics that are impacting enterprises, both small and large. Join us to explore the most important trends in enterprise technology and cybersecurity today. Get true insights into the tech and trends that will impact you and your organization.