Websites with Best and Worst Password Security -- Study
By Ma Evelyn Castino Quilas | May 22, 2014 11:06 AM EST
Apple, Hotmail, Microsoft Store, and UPS are the internet sites with the best password security while Match.com, Amazon, Groupon, US Airways, and Victoria's Secret are among the sites with the worst password security according to the second password security roundup conducted by Dashlane.
The study conducted after the Heartbleed bug erupted examined 22 password criteria that are critical to password security from more than 80 most popular internet websites. For each criterion a +/- point value was scored with the highest possible score as +100 and -100 as the lowest score. A score of +50 was set as the minimum requirement for good password security. The Web sites examined fall under the six categories, namely: Dating, E-Commerce, Security, Productivity, Social Utilities, and Travel.
The study further revealed that 86 percent of the internet sites did not meet the minimum requirement score for adequate password policies leaving internet users highly susceptible for internet threats. Among the popular sites that scored way below the threshold level are AOL, Best Buy, Gmail, Groupon, LinkIn, eBay, Skype, Twitter, Craiglist, Facebook, Pinterest, and United Airlines.
There are also 53 percent of the internet sites who got negative scores in the study. Among them are Amazon, American Airlines, Dropbox, Fab, Gap, Groupon, Home Depot, Victoria's Secret, and Walmart.
Furthermore, 51 percent of the internet sites such as Gmail, Amazon, eBay, and Nike did not lock the user's account after 10 incorrect password attempts. This unsafe practice allows hackers to guess the password using commonly used passwords, input them into the log-in screen, and steal user's data.
The study also revealed that 43 percent of the internet sites like Dropbox, Walmart, and Delta accepted the worst passwords such as "123456." There are also 48 percent of the internet sites that accepts "password" as the password inputted by users. Among these sites are Amazon, American Airlines, Dropbox, eHarmony, Fab, Gap, Home Depot, JetBlue, Match.com, US Airways, Ticketmaster, Walmart, and Christian Mingle.
There are even Web sites that allows users to create new accounts with just letter "a" as the password such as Fab, 1800Flowers, and Match.com.
In a Dashlane press release, it was also mentioned that there are Web sites like Gap and Airbnb that store their user's credit card information and only required a five character password. These practices leave their consumers at high risk for credit card fraud.
Dashlane pointed out several suggestions to address the password security problems that most companies faced. Among the suggestions are using 8 characters as minimum password length, using alpha-numeric and case sensitive password, setting up email confirmations for password changes, not accepting the 10 worst passwords on the web and not allowing login attempts after 10 incorrect password tries.
To see the password security scores of the internet sites included in the study, visit https://www.dashlane.com/securityroundup.
To contact the editor, e-mail:
Most Popular Slideshows
- Real Life ‘Frozen’: Snow Overwhelms The US, Kills 7; More To Come (Pictures)
- ‘The Walking Dead’ Season 5, Episode 8 Spoilers: Daryl Dixon Is Set To Burn The Place Down in ‘Coda’
- Angelina Jolie, Brad Pitt in Sydney for ‘Unbroken’ Red Carpet Premiere [PHOTOS]
- G20 Summit Awkward Moments: Putin Yawns, Mystery Bubbles Appear, F18 Drama Ensues
Join the Conversation
- Walmart Early Price Matching Special Event On Nov. 21, 2014 Matches Its Competitors' Black Friday 2014 Prices And Includes Exclusive Deals For Samsung LED HDTVs And iPad Air 2 [WATCH VIDEO]
- US Plane Flying Over Russian Skies Spotted; Vladimir Putin Ready For 'Practical Cooperation' With US
- Walmart Pre-Black Friday 2014 Sale On Nov. 21, 2014 Includes Discounts On The 'NBA 2K15' For PS4 And The 'Skylanders Trap Team’ Starter Kit [WATCH VIDEO]
- Black Friday 2014 Sale: Top Deals On Game Consoles Xbox One, PS4, Nintendo Wii U And More
- Alleged 'Microsoft Lumia 1030' Front Panel Leaked With Capacitive Buttons; 'Xbox One' Owners To Get Free Goodies On Anniversary
- Nexus 6 Release Date And Price Under AT&T, T-Mobile And Sprint Listed
- More Bad News for Android 5.0 Lollipop As Problems Come In for Nexus and Other Devices