When it comes to web password security, there are the terrible, terrible passwords people use and then there are the websites that let them. Or, put another way, give people enough rope and many of them will, indeed, hang themselves.

Dashlane, a company that sells a password manager of the same name, has assessed the world’s top 100 websites for password security and published the results (pdf) for all to see. Unsurprisingly, Apple comes out on top with a perfect password security score of 100, while a long list of “trusted” companies, like Amazon, do less well:

The roundup assesses the password policies of the top 100 e-commerce sites in the US by examining 24 different password criteria that Dashlane has identified as important to online security, and awarding or docking points depending upon whether a site meets a criterion or not. Each criterion is given a +/- point value, leading to a possible total score between -100 and 100 for each site — Dashlane.

[Image: web password security, top 10 and bottom 10 sites]

— 55 percent still accept notoriously weak passwords, such as “123456” or “password”
— 51 percent of websites, including Amazon, Dell and Best Buy, make no attempt to block entry after 10 incorrect password entries
— 64 percent have highly questionable password practices
— 61 percent do not provide any advice on how to create a strong password during signup and 93 percent do not provide an on-screen password strength assessment
— Only 10 percent scored above the threshold for good password policies (i.e. 45 points or more in the roundup)
— 8 sites, including Toys “R” Us, J.Crew and 1-800-Flowers.com, send passwords in plain text via email

Yep, give ’em enough rope and people will hang themselves. Sad, but true.

Practitioners of false equivalence will argue that password security is two-fold — websites and users. However, if more websites took password security seriously, users would have to create and use more secure passwords…
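As an added illustration (not code from Dashlane or from any site in the roundup), here is a server-side sketch of two of the controls the findings above say most sites lack: rejecting notoriously weak passwords at signup with on-screen feedback, and blocking entry after 10 incorrect attempts. The denylist contents, minimum length, lockout window and all function and class names are assumptions made for the example.

```python
import time

# Constructed sample denylist; a real deployment would load a large list of
# commonly used and breached passwords instead of five entries.
WEAK_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}
MAX_FAILURES = 10          # the roundup's criterion: block after 10 bad entries
LOCKOUT_SECONDS = 15 * 60  # assumed lockout window
MIN_LENGTH = 8             # assumed minimum length


def signup_feedback(password):
    """Return on-screen problems for a candidate password; [] means accepted."""
    problems = []
    if password.lower() in WEAK_PASSWORDS:
        problems.append("This is one of the most commonly used passwords.")
    if len(password) < MIN_LENGTH:
        problems.append(f"Use at least {MIN_LENGTH} characters.")
    return problems


class LoginThrottle:
    """Counts consecutive failed logins per account and locks after the limit."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # account -> (failure count, time of last failure)

    def is_locked(self, account):
        count, last = self._failures.get(account, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self._clock() - last < LOCKOUT_SECONDS:
            return True
        self._failures.pop(account, None)  # window expired: start over
        return False

    def attempt(self, account, password_ok):
        """Gate one login; password_ok is the result of the real hash check."""
        if self.is_locked(account):
            return "locked"  # refused even if the password is correct
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count, _ = self._failures.get(account, (0, 0.0))
        self._failures[account] = (count + 1, self._clock())
        return "denied"
```

A hard per-account lockout lets anyone who knows a username lock its owner out, so many sites use growing delays or a CAPTCHA after the limit instead of a full block.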

What’s your take?

Image: Tested, Via Ars Technica

4 COMMENTS
  1. Thankful to have my Roboform to help me create unique passwords and remember them for me. I can’t believe people still use these types of passwords when there are tools to create difficult passwords for you.

  2. I think everyone should be using password managers like RoboForm at this point. Too many hacks going on right now not to have a strong password.

  3. Happy to see Newegg and Musicians Friend in the top 10, that covers 70% of my online shopping! I definitely agree with the other comments suggesting use of a password manager, they allow you to generate unique passwords for every website you visit (because clearly after reading this some can’t be trusted as much as others!) RoboForm appears to be the industry standard for password management.
