Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

These Sites Bad Password Policies Put You in Danger

by Elizabeth Harper on August 09, 2017

You would expect the security of your personal information to be a top concern for any company that collects it, but Dashlane's latest Password Power Rankings suggest that isn't the case. Many top companies don't enforce strong password standards, which lets users create short, weak passwords. And while you should always aim to create strong passwords whether a website insists or not, sometimes we all slip up — and many websites let you get away with it.

Dashlane checked the password policies of 40 major consumer and enterprise websites to see what kind of passwords users could create. It checked whether passwords on these sites were required to be eight characters or longer and include both letters and numbers, all of which are important for strong passwords. Then it checked whether the site offered a password strength assessment (though these aren't perfect), whether it locked you out after a certain number of failed login attempts, and whether it offered 2-factor authentication. While none of these guarantee users will make a strong password, these rules ensure passwords meet a minimum standard for security.

Unfortunately, only three of the sites Dashlane tested met all of these requirements: GoDaddy, Stripe, and QuickBooks. Worse, some of our favorite sites met none of these standards, including Netflix, Spotify, Pandora and Uber. That means you could create a password like "aaaaaa" or "111111" without the site complaining — and, as you can imagine, passwords like that would be very easy to hack. (Consult the box below for a list of how top consumer sites fared.)

In the end, the security of your passwords is up to you. Even if a service allows you to create weak passwords, you should be sure your passwords are as strong as you can make them.  In addition to making your passwords at least eight characters and using both letters and numbers, as the Dashlane study tested for, you should also:

  • Avoid making your password a single word from the dictionary. Combine multiple words or use acronyms instead.
  • Don't just replace a couple of letters or vowels in words. Hackers are aware of the common ways people use to d!sguise comm0n words and password strength meters often fail to flag these as weak passwords.
  • In addition to numbers, add capital letters, special characters and punctuation.
  • Don't make your password out of information like birthdays, which can be easy to guess.
  • Don’t use the same password on more than one site, which means one site getting hacked could compromise every account you have.
  • Turn on two-factor authentication so that even if hackers acquire your password they won't be able to access your account.

While following these tips may make your passwords hard to remember, a password manager will help (though you will still have to remember the password to your password manager). A good password manager can even generate random passwords for every site you create a login for, which makes for super secure passwords you can't forget.

[Image credit: weak password concept via BigStockPhoto]


Computer Safety & Support, News, Computers and Software, Blog, Privacy

Dashlane explains their methodology: "To determine the ranking, Dashlane researchers examined sites against password security criteria, such as requiring eight or more-character passwords with a combination of letters, numbers, and symbols, and offering two-factor authentication. A site received a point for each test where it performed positively, for a maximum, and top score, of five.  A score of 3/5 was deemed as passing and meeting the minimum threshold for good password security."

We've added an asterisk next to those site with two-factor authentication. We highly recommend you turn it on, especially for those sites with lax password policies.


5/5 Score (Best)

  • GoDaddy*

4/5 Score

  • Apple*
  • Best Buy
  • The Home Depot
  • Microsoft/Live/Outlook*
  • PayPal*
  • Skype*
  • Toys “R” Us*
  • Tumblr*

3/5 Score

  • Airbnb*
  • Facebook*
  • Google*
  • Reddit
  • Slack*
  • Snapchat*
  • Staples*
  • Target
  • Twitch*
  • Wordpress*
  • Yahoo*

2/5 Score

  • Amazon*
  • eBay
  • LinkedIn*
  • Starbucks
  • Twitter*
  • Venmo*

1/5 Score

  • Dropbox*
  • Evernote*
  • Instagram*
  • Macy’s
  • Pinterest*
  • SoundCloud
  • Walmart*

0/5 Score (Worst)

  • Netflix
  • Pandora
  • Spotify
  • Uber

Discussion loading


From THOMAS NEWTON on September 03, 2017 :: 12:28 pm

Is there anything similar that would apply to an Android?



From Jones on September 20, 2017 :: 4:55 pm

The biggest problem is that a person can do everything right then Equifax, Target, Verizon, ect. gets hacked and there goes your information.  The police will tell you there’s nothing they can do about it, most likely a matter for the FBI who only work on high profile cases. 

I also find it hard to believe that people who read tech sites world use simple passwords. But anythings possible.


Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.