A new report from password management firm Dashline, Inc. has discovered that a majority of America’s most popular e-commerce websites these holidays fail a fundamental password security test. The report called the Ecommerce Security Roundup, analyzed the password security policies of 25 of the most popular online merchants in the United States on 22 criteria with each requirement being offered a +/- point value that ended with a site receiving a score between -100 and +100.
A score of +50 is Dashlane’s minimum requirement for good password practices. Based on the criterion the report discovered, a remarkable 80 percent of the websites tested do not satisfy the minimum protected password threshold.
72 percent of test websites were discovered to not require a password with an uppercase and a number or sign (a de facto password security standard in 2015) with 56 percent of sites allowing users to have a password less than eight characters long, including IKEA, Macy’s, and eBay.
32 percent of sites had password security that accepted the 10 most typical passwords, including:
E-commerce websites guilty on this front included REI, Wayfair, Walmart, and Amazon.
Not all websites tested were bad, with Apple receiving a perfect rating and making it the highest ranked site in the study. To obtain this score and likewise supply enhanced security for its consumers, Apple needs long, complex alphanumeric passwords, and does not accept easily hackable passwords.
“Apple’s password security policies must serve as the gold standard for online sellers,” Dashlane CEO Emmanuel Schalit stated.
“By requiring their customers to produce strong passwords they are ensuring they have a strong first line of defense. We praise other sellers, such as Best Buy and Target, who have made excellent strides in making password security a priority.”
Other sites that had strong password requirements included ToysRUs and Bed Bath and Beyond.