
An Evaluation of the Password Practices on Leading e-Commerce Websites in South Africa

  • Conference paper
Information Security (ISSA 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 973))


Abstract

Despite the emergence of numerous authentication methods, passwords have remained the dominant authentication mechanism for e-commerce websites. However, password authentication is often widely criticized, especially due to the ease with which it can be compromised by end-users, who often have poor password security behaviors. Nevertheless, a plethora of evidence suggests that the blame should not be placed only on the users, as many engage in poor password security practices because they lack sufficient guidance and support on how to maintain good password security behaviors. Indeed, many researchers over the years have shown that user password security behaviors can be significantly enhanced by providing guidance and support on how to create and maintain strong passwords. Yet it remains uncertain how well e-commerce website providers have learned these essential lessons. As such, this study is aimed at evaluating the password practices of e-commerce websites in South Africa (SA). After evaluating 37 leading e-commerce websites in the country, it was observed that the majority (92%) of the websites had poor password practices, with over 81% offering no guidance for users to enhance their password behaviors. This problem is certainly worse than it should be in this day and age. Consequently, there is an urgent need for e-commerce service providers in SA to improve their password security practices, as this is vital for enhancing the password behaviors of their websites' users.


Author information

Corresponding author

Correspondence to Silas Formunyuy Verkijika.

Appendix

| Website Name | Website URL |
|---|---|
| Action Gear | https://www.actiongear.co.za/ |
| Bidorbuy.co.za | https://www.bidorbuy.co.za/ |
| Esque | https://www.esque.co.za/ |
| Flook Sporting Deals | https://www.flook.co.za/ |
| Futurama | https://www.futurama.co.za/ |
| Gemboree | http://www.gemboreeshop.com/ |
| Groupon South Africa | https://www.groupon.com/ |
| HomeChoice | https://www.homechoice.co.za/home.aspx |
| iToys | https://www.itoys.co.za |
| Juniva.com | https://www.supps365.co.za/ |
| Kapas Baby & Toddler | https://www.kapasbaby.com |
| Legwear Safari | http://www.legwearsafari.co.za |
| LekkeSlaap | https://www.lekkeslaap.co.za/ |
| Loot.co.za | https://www.loot.co.za/welcome |
| Macaroon Collection | https://macarooncollection.co.za/ |
| Mantality | http://www.mantality.co.za/ |
| Norman Goodfellows | https://www.ngf.co.za/ |
| Orms Direct | https://www.ormsdirect.co.za |
| Port2Port | https://www.port2port.wine/ |
| Quicket | https://www.quicket.co.za/ |
| Raru | https://raru.co.za/ |
| Red Square | https://www.redsquare.co.za/ |
| RunwaySale | https://www.runwaysale.co.za |
| SassyChic.co.za | https://www.sassychic.co.za |
| Seeds for Africa | https://www.seedsforafrica.co.za/ |
| Simplicity | https://simplicity.co.za |
| Spree | https://www.spree.co.za/ |
| Superbalist.com | https://superbalist.com/ |
| Takealot.com | https://www.takealot.com/ |
| TravelGround | https://www.travelground.com/ |
| Travelstart | https://www.travelstart.co.za/ |
| WebAntics Online | https://www.webantics.com/ |
| Wellness Warehouse | https://www.wellnesswarehouse.com/ |
| Wootware | https://www.wootware.co.za/ |
| Yuppiechef.com | https://www.yuppiechef.com/ |
| Zando | https://www.zando.co.za/ |
| ZumbaWear South Africa | http://zumbawearsouthafrica.co.za |

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Verkijika, S.F. (2019). An Evaluation of the Password Practices on Leading e-Commerce Websites in South Africa. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information Security. ISSA 2018. Communications in Computer and Information Science, vol 973. Springer, Cham. https://doi.org/10.1007/978-3-030-11407-7_8

  • DOI: https://doi.org/10.1007/978-3-030-11407-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11406-0

  • Online ISBN: 978-3-030-11407-7

  • eBook Packages: Computer Science, Computer Science (R0)
