Websites with Best and Worst Password Security -- Study

By on

Apple, Hotmail, Microsoft Store, and UPS are the internet sites with the best password security while, Amazon, Groupon, US Airways, and Victoria's Secret are among the sites with the worst password security according to the second password security roundup conducted by Dashlane.

The study conducted after the Heartbleed bug erupted examined 22 password criteria that are critical to password security from more than 80 most popular internet websites. For each criterion a +/- point value was scored with the highest possible score as +100 and -100 as the lowest score. A score of +50 was set as the minimum requirement for good password security. The Web sites examined fall under the six categories, namely: Dating, E-Commerce, Security, Productivity, Social Utilities, and Travel.

The study further revealed that 86 percent of the internet sites did not meet the minimum requirement score for adequate password policies leaving internet users highly susceptible for internet threats. Among the popular sites that scored way below the threshold level are AOL, Best Buy, Gmail, Groupon, LinkIn, eBay, Skype, Twitter, Craiglist, Facebook, Pinterest, and United Airlines.

There are also 53 percent of the internet sites who got negative scores in the study. Among them are Amazon, American Airlines, Dropbox, Fab, Gap, Groupon, Home Depot, Victoria's Secret, and Walmart.

Furthermore, 51 percent of the internet sites such as Gmail, Amazon, eBay, and Nike did not lock the user's account after 10 incorrect password attempts. This unsafe practice allows hackers to guess the password using commonly used passwords, input them into the log-in screen, and steal user's data.

The study also revealed that 43 percent of the internet sites like Dropbox, Walmart, and Delta accepted the worst passwords such as "123456." There are also 48 percent of the internet sites that accepts "password" as the password inputted by users. Among these sites are Amazon, American Airlines, Dropbox, eHarmony, Fab, Gap, Home Depot, JetBlue,, US Airways, Ticketmaster, Walmart, and Christian Mingle.

There are even Web sites that allows users to create new accounts with just letter "a" as the password such as Fab, 1800Flowers, and

 In a Dashlane press release, it was also mentioned that there are Web sites like Gap and Airbnb that store their user's credit card information and only required a five character password. These practices leave their consumers at high risk for credit card fraud.

Dashlane pointed out several suggestions to address the password security problems that most companies faced. Among the suggestions are using 8 characters as minimum password length, using alpha-numeric and case sensitive password, setting up email confirmations for password changes, not accepting the 10 worst passwords on the web and not allowing login attempts after 10 incorrect password tries.

To see the password security scores of the internet sites included in the study, visit

Also Read:

5 Fresh Features of Apple OS X Mavericks 10.9.3

Google Chrome Update on Possibly Clicking Goodbye to Long URLs: Bane or Boon?

Sony Xperia M2: Five Fresh Features to Expect from New Smart Phone

Join the Discussion