Weak Password Policies
CISSE Volume 8, Issue 1


cyber security
password policy
password management
password guidelines
password attacks
password cracking
corporate social responsibility


Data breaches continue to occur as weak password policies prevail on major websites, at costs reaching billions of dollars annually. Password attacks are a known cause of data breaches and abuse of user accounts. Enforcing strong password policies should be considered part of an organization’s corporate social responsibility. Major technology companies are socially obligated to go beyond internal policies and strengthen their password policies for external-facing consumer accounts to help reduce the risk of data breaches or sensitive data exposure. Strong, enforceable password policies help reduce the risk of successful network attacks and prevent unauthorized access to sensitive data stored in online consumer accounts. This study includes a compilation of current password policies for major social media sites, online streaming services, and online retailers to demonstrate the lack of strong password requirements across multiple industries, spanning decades of corporate establishment in the online environment. Recommendations are provided for organizations to strengthen their password policies to align with NIST Special Publication 800-63-3 as part of their corporate social responsibility to protect sensitive consumer data for millions of customers and online marketplace sellers.