Research reveals weaknesses in five popular web services
New research from Specops Software finds major cybersecurity weaknesses in popular web services including Shopify, Zendesk, Trello, and Stack Overflow.
The study shows several popular business web applications have failed to implement critical password and authentication requirements to protect customers from cybercrime.
The analysis uncovered inadequate password and authentication requirements that could leave customers vulnerable, including allowing users to set weak and breached passwords, often with little or no strong authentication in place. On the other hand, email marketing service Mailchimp proved to be the most secure service analyzed, blocking 98 percent of known breached passwords.
Detailed findings include Shopify failing to prevent any compromised passwords, with its only requirement that passwords be at least five characters. When checking the list of a billion known breached passwords, the Specops researchers found that 99.7 percent of the passwords meet Shopify's requirements.
Zendesk prevents less than two percent of compromised passwords, with password requirements including that passwords be a minimum of five characters, fewer than 128 characters, and different from a user’s email address. Trello blocks less than 13 percent of compromised passwords, requiring only that passwords be at least eight characters in length.
Stack Overflow does better, preventing 46 percent of compromised passwords, with requirements that passwords be a minimum of eight characters and include a number and a special character.
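The measurement described above can be reproduced against any breached-password corpus. The following is an added example, not code from Specops or from any of the services: it encodes the four sets of requirements as the article reports them, measures how much of a corpus each rejects, and shows the effect of adding a breached-password blocklist. The ten-entry sample is constructed, so its rates are not the study's figures, and treating any non-alphanumeric character as "special" is an assumption.

```python
import re

# Password requirements as reported in the article. Function names are ours.
def shopify(pw, email=None):
    return len(pw) >= 5

def zendesk(pw, email=None):
    return 5 <= len(pw) < 128 and pw != email

def trello(pw, email=None):
    return len(pw) >= 8

def stack_overflow(pw, email=None):
    # Assumption: "special character" means any non-alphanumeric character.
    return (len(pw) >= 8
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

POLICIES = {"Shopify": shopify, "Zendesk": zendesk,
            "Trello": trello, "Stack Overflow": stack_overflow}

# Constructed sample standing in for a breached-password corpus.
BREACHED_SAMPLE = ["123456", "password", "qwerty", "abc123", "iloveyou",
                   "1234", "Password1!", "letmein", "P@ssw0rd", "dragon"]

def block_rate(policy, corpus, email=None):
    """Fraction of known-breached passwords that the policy rejects."""
    rejected = sum(1 for pw in corpus if not policy(pw, email))
    return rejected / len(corpus)

def with_blocklist(policy, blocklist):
    """Wrap a composition policy so that known-breached passwords also fail."""
    banned = set(blocklist)
    def checked(pw, email=None):
        return policy(pw, email) and pw not in banned
    return checked

if __name__ == "__main__":
    for name, policy in POLICIES.items():
        before = block_rate(policy, BREACHED_SAMPLE)
        after = block_rate(with_blocklist(policy, BREACHED_SAMPLE), BREACHED_SAMPLE)
        print(f"{name:15s} rules only: {before:.0%}   with blocklist: {after:.0%}")
```

Composition rules alone still admit entries such as "Password1!" and "P@ssw0rd"; only the blocklist lookup rejects them.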
"What’s troubling about these findings is that when hackers can't access a company's data directly, they often use a backdoor approach, accessing a service used by the company or its employees to identify vulnerabilities," says Darren James, head of internal IT at Specops Software. "To compensate, IT departments should work to reduce the overall password burden, employing tools such as an enterprise password manager and blocking the use of weak and compromised passwords. Additionally, employees should be strongly encouraged to use multi-factor authentication whenever possible."
Although Shopify, Zendesk, Trello, and Mailchimp offer multi-factor authentication as an option when creating an account, it is not a requirement. While Mailchimp and Stack Overflow have the most stringent password requirements of the services analyzed, neither requires multi-factor authentication.
You can find out more on the Specops site.