Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | How to Cut the Cable Cord | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Top News Stories

author photo

Which Websites Have the Worst Password Policies

by on May 21, 2014
in Computer Safety & Support, News, Computers and Software, Internet & Networking, Blog, Privacy :: 0 comments

Password entry screenThis year’s Heartbleed security scare really highlighted the importance of creating strong, unique passwords that are hard to for every site you visit. While some websites have upped their required level of password security since, a newly released Dashlane Security Report suggests a number of big name companies are lagging behind with outdated, unsafe password policies.

According to Dashlane, there are six factors that go into a strong password policy: a long minimum password length, requiring the use of letters and numbers, an on-screen password strength meter, sending password change confirmation emails, locking out accounts after 10 unsuccessful logins and not allowing common words like “password” to be used as your password. Dashlane’s Security Report assigns a security score based on how many of these factors come into play when creating passwords for the net’s 83 most popular sites. You can see a breakdown of the score for each site in its Roundup Results chart.

Of the companies researched, only Apple received a perfect security score of 100. Windows Live (85), UPS (75), Microsoft Store (75), Kapersky Lab (70) and Target’s e-commerce site (70) all received excellent scores as well.

Match.com, meanwhile, came in at the absolute bottom of the security study with a “security score” of negative 70. That's due in part to the fact the site allows one-character passwords. Hulu (-55), Overstock (-55), Fab (-50) and Amazon (-45) all fell at the absolute bottom of the survey. That suggests a number of accounts on these sites are vulnerable to brute force password attacks.

Dashlane Security Roundup infographic

Of course, just because a company has a weak password policy doesn’t mean you should feel OK with creating a weak password for the site. Techlicious recommends you check out these 5 tips for creating strong passwords.

Here is the full list of website security scores from the Dashlane report: 

Website Category Security Score Rank Minimum Password Length Alphanumeric Password Mandatory On-screen Password Strength Meter Password Change Confirmation Email Account Lockout after 10 Incorrect Logins Allows 'password' as Password
1800Flowers E-commerce -37.5 69 1 N N N N N
Airbnb Travel -40 70 5 N N N N Y
Amazon E-commerce -45 74 6 N N Y N Y
American Airlines Travel -20 47 6 N N Y Y Y
AOL Social Utilities 15 29 6 N Y Y Y N
Apple E-commerce 100 1 8 Y Y Y Y N
AVG Internet security -30 57 6 N N N Y Y
Avira Internet security -30 57 5 N N N Y Y
Basecamp Productivity utilities -42.5 73 6 N N N N N
Best Buy E-commerce 35 17 10 N Y Y Y N
Bitdefender Internet security -40 70 6 N N N N Y
BlackPlanet Dating -17.5 46 6 Y Y N N N
Booking.com Travel 12.5 30 8 N Y N Y Y
BullGuard Internet security -25 51 8 N N N Y Y
Christian Mingle Dating 25 22 8 Y N Y Y Y
Craigslist E-commerce 20 27 8 N N N Y N
CVS E-commerce 25 22 7 Y N Y Y N
Dell E-commerce 22.5 26 6 Y N Y Y N
Delta Travel -32.5 62 6 N N Y N Y
Dropbox Productivity utilities -15 43 6 N Y Y Y Y
eBay E-commerce 30 19 6 Y Y Y N N
eHarmony Dating -25 51 8 N N N N Y
Etsy E-commerce -20 47 6 N N Y N Y
Evernote Productivity utilities -25 51 6 N Y Y N Y
Expedia Travel -35 64 6 N N Y N Y
Fab E-commerce -50 80 1 N N N N Y
Facebook Social Utilities 10 31 6 N N Y Y N
Gap E-commerce -25 51 5 N Y Y Y Y
Gmail Social Utilities 25 22 8 N Y Y N N
GoDaddy Productivity utilities 65 7 9 Y N N Y N
Groupon E-commerce -45 74 6 N N N N Y
GrubHub Social Utilities 7.5 32 8 N Y Y N N
Home Depot E-commerce -20 47 5 N N Y Y Y
HootSuite Productivity utilities -15 43 6 N Y N Y Y
Hotels Travel 2.5 36 6 Y N N N N
HP E-commerce -40 70 6 N N N Y Y
Hulu Social Utilities -55 81 6 N N N N Y
JCPenney E-commerce -12.5 42 6 N N N Y N
JDate Dating -35 64 4 N N Y N Y
JetBlue Travel -2.5 40 8 N N N N Y
Kaspersky Lab Internet security 70 5 8 Y N Y N N
Kayak Travel -32.5 62 6 N N Y N N
Kickstarter Social Utilities -45 74 6 N N Y N Y
Kmart E-commerce 17.5 28 6 Y N N Y N
LinkedIn Social Utilities 0 37 6 N N Y N N
LivingSocial E-commerce -35 64 6 N N Y N Y
Lowe's E-commerce 5 33 6 Y N Y N N
MailChimp Productivity utilities 27.5 21 6 Y N Y Y N
Match.com Dating -70 83 1 N N Y N Y
McAfee Internet security 35 17 8 Y N Y Y N
Microsoft Store E-commerce 75 3 8 Y N Y Y N
Moz Productivity utilities -30 57 5 N N Y N Y
Nike E-commerce 50 10 8 Y N N N N
Nordstrom E-commerce 30 19 7 Y N Y Y N
Norton Internet security 5 33 6 N N Y Y N
OkCupid Dating -35 64 5 N N Y N Y
Orbitz Travel -45 74 6 N N Y N Y
Overstock E-commerce -55 81 5 N N N N Y
Panda Internet security -25 51 6 N Y Y N Y
PayPal Productivity utilities 50 10 8 Y N Y Y N
Pinterest Social Utilities 0 37 6 N N Y Y N
Priceline Travel 37.5 15 8 Y Y N Y N
Salesforce Productivity utilities 40 13 8 Y Y N N N
Skype Social Utilities 37.5 15 6 Y Y Y Y N
Southwest Travel -30 57 6 N Y N N N
Staples E-commerce -15 43 6 N N Y Y Y
StubHub E-commerce 40 13 8 Y Y Y N N
Target E-commerce 70 5 8 Y N Y Y N
Ticketmaster E-commerce -35 64 5 N N Y Y Y
Toys"R"Us E-commerce 50 10 8 Y N Y N N
Travelocity Travel -30 57 6 N N Y N Y
Twitter Social Utilities 0 37 6 N Y Y N N
United Airlines Travel 25 22 8 Y N N N N
UPS Productivity utilities 75 3 8 Y N Y Y N
US Airways Travel -45 74 5 N N N N Y
Victoria's Secret E-commerce -45 74 4 N N N Y Y
Walgreens E-commerce 60 9 8 Y N Y Y N
Walmart E-commerce -25 51 6 N N Y Y Y
Windows Live/Hotmail Social Utilities 85 2 8 Y N Y Y N
Yahoo Mail Social Utilities 65 7 8 Y N N Y N
Zappos E-commerce -20 47 6 N N Y Y Y
ZocDoc Social Utilities 5 33 6 N N N Y N
Zoosk Dating -2.5 40 8 N N N N Y

  

[Password Box via Shutterstock; Dashlane Security Report Infographic via Dashlane]



Discussion loading

© 2015 Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

site design: Juxtaprose