The report examined password security policies on 25 of the most popular online retailers. Dashlane tested 22 criteria, and each criterion was given a +/- point value that enabled a website to receive a score between -100 and +100. A score of +50 is Dashlanes minimum requirement for good password practices.
Dashlanes testers found that 72% of the websites they examined do not require users to have a capital letter and number/symbol combination in their password. They also found that 56% of websites allow users to have a password less than eight characters long.
80% of the websites Dashlane examined did not meet the minimum score of +50, and 44% received negative scores, indicating they have dangerously weak password requirements.
Of greater concern was that nearly 1/3 (32%) allow users to use 10 of the most common (and weakest) passwords as their password. This means users on some websites can use easily guessable and unsafe passwords, such as password, abc123, and 123456.
The percentage of websites with negative scores decreased from 53% to 44%, websites that allow 10+ brute force logins decreased from 51% to 35% and those accept the ten worst passwords decreased from 43% to 32%. The percentage of websites that scored below +50 decreased from 86% to 80%.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now