News from the Wire

Specops finds major weaknesses in five popular web services

Friday, August 05, 2022 — 13:07:17 (EDT)

STOCKHOLM (PRWEB) JULY 19, 2022--Specops Software, a leading provider of password management and user authentication solutions, today released new research finding major cybersecurity weaknesses in popular web services including Shopify, Zendesk, Trello, and Stack Overflow.

Amid a wave of cybersecurity incidents related to the COVID-19 pandemic, remote work, and nation-state activity, password security is more important than ever. However, this new research reveals that several popular business web applications have failed to implement critical password and authentication requirements to protect customers from cybercrime. Specops’ analysis found inadequate password and authentication requirements that could leave customers vulnerable, including allowing users to set weak and breached passwords, often with little or no strong authentication in place. On the other hand, email marketing service Mailchimp proved to be the most secure service analyzed, blocking 98% of known breached passwords.

Detailed findings about each service’s password requirements include:

Shopify fails to prevent any compromised passwords, with its only requirement that passwords be at least 5 characters. When checking the list of 1 billion known breached passwords, the Specops researchers found that 99.7% of the passwords meet Shopify’s requirements.

Zendesk prevents less than 2% of compromised passwords, with password requirements including that passwords be a minimum of 5 characters, fewer than 128 characters, and different from a user’s email address.

Trello blocks less than 13% of compromised passwords, requiring only that passwords be at least 8 characters in length.

Stack Overflow – the runner-up in Specops’ analysis – prevents 46% of compromised passwords, with requirements that passwords be a minimum of 8 characters and include a number and special character.

Mailchimp blocks 98% of known compromised passwords, with requirements including an 8 character minimum and a mix of upper and lower case letters, numbers, and special characters.

“What’s troubling about these findings is that when hackers can’t access a company’s data directly, they often use a backdoor approach, accessing a service used by the company or its employees to identify vulnerabilities,” said Darren James, Head of Internal IT, Specops Software. “To compensate, IT departments should work to reduce the overall password burden, employing tools such as an enterprise password manager and blocking the use of weak and compromised passwords. Additionally, employees should be strongly encouraged to use multi-factor authentication whenever possible.”

Shopify, Zendesk, Trello, and Mailchimp offer multi-factor authentication as an option when creating an account, but it is not a requirement. While Mailchimp and Stack Overflow have the most stringent password requirements of the services analyzed, neither requires multi-factor authentication or checks user passwords against compromised passwords.

Methodology

Data for this Specops analysis was based on a comparison of password requirements against a subset of the Specops Breached Password Protection database, a list containing 1 billion known compromised passwords. The company also announced the addition of over 160 million compromised passwords to the database. This latest update comes from both its own internal attack monitoring systems as well as the addition of millions of compromised passwords collected through HashMob.

To learn more about issues related to password requirements, check out Specops Software’s 2022 Weak Password Report or contact Specops today.

About Specops Software

Specops Software an Outpost24 group company, is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.

The Outpost24 group is pioneering cyber risk management with continuous vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 40 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our Cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters. Visit outpost24.com for more information.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information: bankcardlife.com?orid=33533&opid=1 .

Source: Company press release.