An Evaluation of the Password Practices on Leading e-Commerce Websites in South Africa

  • Silas Formunyuy Verkijika
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 973)


Despite the emergence of numerous authentication methods, passwords have remained the dominant authentication mechanism for e-commerce websites. However, password authentication is often widely criticized, especially due to the ease with which it can be compromised by end-users, as they often have poor password security behaviors. Nevertheless, a plethora of evidence suggests that the blame should not only be placed on the users, as many engage in poor password security practices because they lack sufficient guidance and support on how to maintain good password security behaviors. Indeed, many researchers over the years have shown that user password security behaviors can be significantly enhanced by providing guidance and support on how they can create and maintain strong passwords. Yet, it remains uncertain how well e-commerce website providers have learned these essential lessons. As such, this study is aimed at evaluating the password practices of e-commerce websites in South Africa (SA). After evaluating 37 leading e-commerce websites in the country, it was observed that the majority (92%) of the websites had poor password practices, with over 81% offering no guidance for users to enhance their password behaviors. This problem is certainly worse than it should be in this day and age. Consequently, there is an urgent need for e-commerce service providers in SA to improve their password security practices, as this is vital for enhancing the password behaviors of their websites' users.


Keywords: Password restrictions; Password guidance; e-Commerce website; South Africa



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Computer Science and Informatics, University of the Free State, Bloemfontein, South Africa
