Doxy.meDoxy.me is a telemedicine platform used by doctors and therapists. It got the lowest marks of Mozilla's evaluation because it's only hosted through web browsers — meaning security falls to browsers, rather than an in-house app — it's unclear how Doxy.me manages potential vulnerabilities, and its password requirements are low.
"Our researcher found that the weak password '123' was an acceptable password," Mozilla wrote. "This is all a bit frightening for a video call app targeted at doctors, therapists, and their potentially vulnerable patients."
Doxy.me founder Brandon Welch told Business Insider that the company is in the process of upping its password requirements. The company doesn't store any information — only hosts video calls — so it prioritized usability over maximum security for patients, Welch said. He added that most doctors verify new patients' identity by asking for information like their date of birth, similar to traditional doctor's offices.
While Mozilla researchers wrote that they were unable to determine how Doxy.me manages vulnerabilities, the company's security analyst, Pat Thompson, told Business Insider that it uses penetration testing and consults security researchers. Thompson said he's telling Mozilla about the measures and expects them to update their rating in response.
Read Mozilla's full report here.