You would expect the security of your personal information to be a top concern for any company that collects it, but Dashlane's latest Password Power Rankings suggest that isn't the case. Many top companies don't enforce strong password standards, which lets users create short, weak passwords. And while you should always aim to create strong passwords whether a website insists or not, sometimes we all slip up — and many websites let you get away with it.
Dashlane checked the password policies of 40 major consumer and enterprise websites to see what kind of passwords users could create. It checked whether passwords on these sites were required to be eight characters or longer and include both letters and numbers, all of which are important for strong passwords. Then it checked whether the site offered a password strength assessment (though these aren't perfect), whether it locked you out after a certain number of failed login attempts, and whether it offered two-factor authentication. While none of these guarantee users will make a strong password, these rules ensure passwords meet a minimum standard for security.
Unfortunately, only three of the sites Dashlane tested met all of these requirements: GoDaddy, Stripe, and QuickBooks. Worse, some of our favorite sites met none of these standards, including Netflix, Spotify, Pandora and Uber. That means you could create a password like "aaaaaa" or "111111" without the site complaining — and, as you can imagine, passwords like that would be very easy to hack. (Consult the box below for a list of how top consumer sites fared.)
In the end, the security of your passwords is up to you. Even if a service allows you to create weak passwords, you should be sure your passwords are as strong as you can make them. In addition to making your passwords at least eight characters and using both letters and numbers, as the Dashlane study tested for, you should also:
- Avoid making your password a single word from the dictionary. Combine multiple words or use acronyms instead.
- Don't just replace a couple of letters or vowels in words. Hackers are aware of the common ways people d!sguise comm0n words, and password strength meters often fail to flag these as weak passwords.
- In addition to numbers, add capital letters, special characters and punctuation.
- Don't make your password out of information like birthdays, which can be easy to guess.
- Don't use the same password on more than one site; otherwise, one site getting hacked could compromise every account you have.
- Turn on two-factor authentication so that even if hackers acquire your password they won't be able to access your account.
While following these tips may make your passwords hard to remember, a password manager will help (though you will still have to remember the password to your password manager). A good password manager can even generate random passwords for every site you create a login for, which makes for super secure passwords you can't forget.
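The gap between the minimum the study tested for and the extra tips in the list can be shown in code. The following is an added example, not from the article or from Dashlane; the wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary or a list of known-breached passwords instead.
COMMON_WORDS = {"password", "disguise", "common", "welcome", "dragon"}

# Substitutions people commonly use to disguise words (not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "!": "i", "3": "e",
                      "4": "a", "@": "a", "$": "s", "5": "s", "7": "t"})


def meets_baseline(pw):
    """The minimum the study tested for: 8+ characters, letters and numbers."""
    return (len(pw) >= 8
            and re.search(r"[A-Za-z]", pw) is not None
            and re.search(r"\d", pw) is not None)


def weaknesses(pw, personal=()):
    """Return the reasons a password is weak; an empty list means none found."""
    problems = []
    if not meets_baseline(pw):
        problems.append("below baseline")
    if len(set(pw)) <= 2:
        problems.append("repeated characters")
    lowered = pw.lower()
    # Strip digits/punctuation padded onto either end ("d!sguise1" -> "d!sguise"),
    # then undo substitutions so the underlying word can be looked up.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    if {lowered.translate(LEET), core.translate(LEET)} & COMMON_WORDS:
        problems.append("disguised dictionary word")
    # Caller supplies known personal details, e.g. a birth year or first name.
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["aaaaaa", "111111", "d!sguise1", "maria1990x", "Tr4il-mix&Copper9"]:
        print(sample, meets_baseline(sample), weaknesses(sample, personal=["1990"]))
```

Note that "d!sguise1" satisfies the length, letter and number rules yet is still flagged once the substitutions are undone.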