Pages

Business Web Apps for Shopify, Zendesk and Others Found to Have Massive Cybersecurity Weaknesses

With cybersecurity incidents increasing at such a rapid rate, proper password hygiene has become essential because of the fact that this is the sort of thing that could potentially end up keeping cyberattacks at bay. In spite of the fact that this is the case, an analysis by Specopssoft has revealed that some of the most popular web apps for businesses lack basic password requirements that can shore up their systems from potential attacks from cybercriminals.

For example, with Zendesk the researchers found that only about 2% of passwords met basic requirements. The platform’s own requirements were a bit too broad, such as requiring that users don’t use their email addresses as their passwords. Other requirements such as a minimum password length of 5 characters are also somewhat underwhelming, and Zendesk like so many other contemporaries does nothing to make its users add unique characters to their passwords to keep them from getting into the wrong hands.

Similarly, when looking into about a billion Shopify accounts that had been breached and had their passwords leaked, analysts found that almost every single password, or 99.7% of them to be precise, met Shopify’s password requirements with all things having been considered and taken into account. This means that Shopify’s password guidance tips are sorely lacking, and informing users about proper password hygiene might reduce the number of accounts who have their credentials stolen.

The increase in cybercrime is definitely a cause for concern, but it should be noted that many breached accounts could have been protected had they followed simple password hygiene protocols. Out of all of the platforms that were studied, only Mailchimp was found to encourage good password hygiene.

This platform managed to block around 98% of passwords that were commonly breached and compromised. It also had some of the most stringent password requirements such as requiring at least eight characters and forcing users to mix numerals, upper and lower case letters as well as special characters so that only high end brute forcing can hack into the accounts which can improve their security quite a bit.


Read next: 96% of Organizations Faced Phishing Attempts in the Past Year, New Survey Reveals

No comments: