
Weak authentication practices in popular SaaS apps

Amid a wave of online security incidents related to the COVID-19 pandemic and remote work, password security is more important than ever. Users run antispyware, antivirus and antimalware software to defend against hackers, yet they overlook how ruthlessly hackers go after passwords. A compromised password can cause great financial and personal damage.


An analysis by Specops Software found that popular enterprise web applications have inadequate password and authentication requirements that could leave customers vulnerable. The applications allow users to set weak and already-cracked passwords, often with little or no strong authentication.


For example, Shopify, a popular ecommerce and web presence platform, does not block any compromised passwords; its only requirement is that passwords be at least 5 characters long. This means the password requirement is met by 99.7% of the 1 billion known passwords that have been cracked. Although SaaS apps such as Shopify, Zendesk, Trello, and Mailchimp offer multi-factor authentication (MFA) as an option when creating an account, it is not a requirement.
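The gap between a length-only rule and a compromised-password check can be measured directly. The following is an added example, not code from the Specops analysis or from any of the services named: the sample corpus is constructed, and the 12-character minimum and the function names are assumptions chosen for illustration.

```python
import hashlib
import unicodedata

# Constructed stand-in for a breached-password corpus (not data from the analysis).
BREACHED_SAMPLE = [
    "123456", "password", "qwerty", "abc", "letmein", "iloveyou",
    "1234", "dragon", "Summer2020!", "correcthorsebatterystaple",
]

def fingerprint(password: str) -> str:
    """Normalize, then hash, so the denylist never holds plaintext."""
    normalized = unicodedata.normalize("NFKC", password)
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest()

# Denylist of known-compromised passwords, stored as hashes.
DENYLIST = frozenset(fingerprint(p) for p in BREACHED_SAMPLE)

def length_only_policy(password: str, min_len: int = 5) -> bool:
    """The weak rule described above: minimum length and nothing else."""
    return len(password) >= min_len

def hardened_policy(password: str, min_len: int = 12) -> bool:
    """Assumed stronger rule: longer minimum plus a compromised-password check."""
    if len(password) < min_len:
        return False
    return fingerprint(password) not in DENYLIST

def acceptance_rate(policy, corpus) -> float:
    """Fraction of a corpus of known-cracked passwords that a policy would accept."""
    return sum(1 for p in corpus if policy(p)) / len(corpus)

if __name__ == "__main__":
    weak = acceptance_rate(length_only_policy, BREACHED_SAMPLE)
    strong = acceptance_rate(hardened_policy, BREACHED_SAMPLE)
    print(f"length-only (>=5) accepts {weak:.0%} of the breached sample")
    print(f"length + denylist accepts {strong:.0%} of the breached sample")
    # A long password can still be compromised: length alone does not catch it.
    print(length_only_policy("correcthorsebatterystaple", 12),
          hardened_policy("correcthorsebatterystaple"))
```

In production the denylist would be a full breached-password dataset or a lookup service rather than an in-memory sample, checked at account creation and at every password change.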


For detailed information on each service's password requirements, see Help Net Security.
