Unsafe password policies leave shoppers vulnerable

Dashlane examined password security policies on 25 of the most popular online retailers. They tested 22 criteria, and each criterion was given a +/- point value that enabled a website to receive a score between -100 and +100. A score of +50 is the minimum requirement for good password practices.

Testers found that 72% of the sites they examined do not require users to have a capital letter and number/symbol combination in their password. They also found that 56% of sites allow users to have a password less than eight characters long, including IKEA, Macy’s, and eBay.

80% of the examined sites did not meet the minimum score of +50, and 44% received negative scores, indicating they have dangerously weak password requirements.

Of greater concern was that nearly 1/3 (32%) allow users to use 10 of the most common (and weakest) passwords as their password. This means users on sites such as REI, Wayfair, Walmart, and Amazon can use easily guessable and unsafe passwords, such as ‘password’, ‘abc123’, and ‘123456’.

For the third time in a row, Apple received a perfect score and was the highest ranked site in the Dashlane study. Apple requires long, complex alphanumeric passwords, and does not accept easily hackable passwords. Several notable sites also have strong password requirements, including Target, ToysRUs, Best Buy, and Bed Bath and Beyond.