You might want to check on your Shopify login credentials, as security experts have found that the ecommerce website builder doesn't protect users adequately due to its lax password requirements.
Password security is currently the best way protect yourself from security breaches. Unfortunately, the average user doesn't follow the majority of password best practices, often using the same password for multiple accounts and choosing short, easy-to-guess words to secure their accounts.
Unfortunately, it appears Shopify is at least somewhat enabling this behavior by allowing users to create some seriously uncomplicated passwords to sign up for its service.
Shopify Only Requires 5-Character Password
In a Specops report this week, security researchers found that Shopify's password requirements are not nearly robust enough for adequate user protection. The report noted that Shopify “fails to prevent compromised passwords” by allowing users to choose passwords with as few as five characters.
As for how likely a password is to get hacked with that few variables, researchers pointed out that it was quite common:
“When checking the list of one billion known breached passwords, the Specops researchers found that 99.7% of the passwords meet Shopify’s requirements.”
There's been plenty of research done on how long your password should be if you want to sufficiently deter hackers from accessing your information, and let's just say, it's definitely a lot longer than five characters.
Even worse, Shopify doesn't prevent the use of the word “shopify” in its words, so many of the passwords found in Specops research included “shopify,” “shshopify,” “myshopify,” and “shopify123.” As you can imagine, this doesn't exactly improve the overall security of a user's account.
Considering Shopify powers nearly four million live websites across the internet, security should certainly be a top priority for the ecommerce website builder. Still, does this kind of lapse mean you should stop using Shopify?
Should You Still Use Shopify?
If you're currently using Shopify or are interested in signing up for the popular ecommerce website builder, don't let this report deter you. Shopify is not forcing its users to utilize unsafe passwords to secure their accounts, so you can still employ best practices to make sure you're as safe as possible.
Still, given the average user has more than 100 passwords, it's safe to say that password best practices are getting pretty hard to follow in 2022. Thinking of 100 unique, 12+ characters words or phrases is hard enough, let alone remembering them all for each account. So how do you stay safe without a photographic memory?
The best way to do it is by getting a password manager. These tools are inexpensive digital tools that can store passwords, suggest secure passwords, and alert you when your passwords have been compromised. And considering our research found that Shopify is the best ecommerce website builder on the market, you'll want to make sure that your security is all taken care of beyond a 5-character password.