Dashlane’s first quarterly Personal Data Security Roundup was released recently. The roundup takes a look at password policies of the top 100 e-commerce sites, and the results are staggering.
Most e-commerce sites, which often store their users’ personal info, including credit cards, have password policies that seem to be from a more naive era… perhaps one not riddled with account crackings and data breaches. Here’s an infographic of what the results of their study show. OUCH. Key findings:
- 55% still accept notoriously weak passwords such as “123456” or “password”
- 51% make no attempt to block entry after 10 incorrect password entries (including Amazon, Dell, Best Buy, Macy’s and Williams-Sonoma)
- 64% have highly questionable password practices (receiving a negative total score in the roundup)
- 61% do not provide any advice on how to create a strong password during signup, and 93% do not provide an on-screen password strength assessment
- Only 10% scored above the threshold for good password policies (i.e. 45 points or more in the roundup)
- 8 sites, including Toys “R” Us, J.Crew and 1-800-Flowers.com, send passwords in plain text via email
Since many of these sites do not enforce any kind of password standards, some security awareness training that educates employees how to create a strong password is not a bad idea!