Top e-retailers may be too lenient about customer password security
January 29, 2014 02:42 PM
Apple Inc. tops other major e-retailers in offering online shoppers password security, says a new study from Dashlane called “The Illusion of Personal Data in E-Commerce: Dashlane Q1 2014 Personal Data Security Roundup.” The password management company found that most top retailers have weak password and security policies, but Apple, No. 3 in Internet Retailer’s 2013 Top 500 Guide, came out on top.
Dashlane assessed the password policies and security measures of Internet Retailer’s Top 100 e-retailers from the Top 500 Guide (excluding sites that require paid subscription and conglomerates that own multiple sites). The company examined 24 password criteria that it identifies as important to online security and awarded or docked points according to whether each site meets those criteria. Each criterion carries a point value, and sites are scored between 100 and -100.
Among these retailers, Apple has the most secure password policy (highest score) and is the only retailer to receive a perfect score. Newegg Inc., Microsoft Corp., Chegg Inc. and Target Corp. follow.
The retailers with the least secure password policies are MLB Advanced Media, KarmaLoop.com and Dick’s Sporting Goods Inc. Other top retailers such as Amazon.com Inc., Walmart.com, Victoria’s Secret (owned by Limited Brands) and Toys ‘R’ Us Inc. are also among some of the lowest-scoring retailers with the least-secure password policies. There was no immediate comment from these retailers.
Out of all 100 retailers, 55% accept weak passwords such as “123456” or “password,” and 51% make no attempt to block entry after 10 incorrect password entries, which can be troublesome if hackers use a method of automating the entry of commonly used passwords to gain access to customers’ personal data, according to Dashlane.
The report also found that 64% of the retailers assessed have “highly questionable” password practices, resulting in a negative total score in the roundup, and 61% do not provide any advice to consumers about how to create a strong password during signup. Out of 100 retailers only 10% scored above the threshold for “good” password policies, which Dashlane determines as 45 points or higher.
Dashlane says passwords should contain at least eight characters and a combination of upper and lowercase letters, numbers and symbols, and that sites should block access after four failed logins.
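The policy Dashlane recommends above, written out as an added example (not code from Dashlane or from any retailer in the study): a signup check for length, character mix and commonly used passwords, plus a block after four failed logins. The denylist holds only the two passwords the article names; the 15-minute lockout duration and all function and class names are assumptions.

```python
import string
import time

# Constructed sample denylist: only the two weak passwords the article names.
COMMON_PASSWORDS = {"123456", "password"}
MIN_LENGTH = 8              # from the article's recommendation
MAX_FAILED_LOGINS = 4       # from the article's recommendation
LOCKOUT_SECONDS = 15 * 60   # assumption: the article gives no lockout duration

def password_problems(password):
    """Return the reasons a password fails the policy (empty list = accepted)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    checks = [
        ("uppercase letter", str.isupper),
        ("lowercase letter", str.islower),
        ("number", str.isdigit),
        ("symbol", lambda c: c in string.punctuation),
    ]
    for name, test in checks:
        if not any(test(c) for c in password):
            problems.append("missing " + name)
    return problems

class LoginThrottle:
    """Blocks an account after MAX_FAILED_LOGINS consecutive failed logins."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # account -> consecutive failure count
        self._locked_until = {}  # account -> clock time at which the block ends

    def is_blocked(self, account):
        return self._clock() < self._locked_until.get(account, float("-inf"))

    def record(self, account, success):
        """Record one login attempt; return True if the account is now blocked."""
        if self.is_blocked(account):
            return True          # attempts during a block are refused outright
        if success:
            self._failures.pop(account, None)
            return False
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILED_LOGINS:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
            self._failures.pop(account, None)  # fresh count once the block ends
        return self.is_blocked(account)
```

Call `is_blocked` before verifying the submitted password, so that a correct guess made during a block is still refused.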
Walmart Inc. had a Dashlane score of -40 and is No. 4 on Internet Retailer’s Top 500 Guide and Amazon.com Inc. had a Dashlane score of -40 and is No. 1 on Internet Retailer’s Top 500 Guide.
The 10 highest Dashlane scores are as follows, with Top 500 rankings:
- Apple Inc., score of 100, No. 3 in Internet Retailer’s 2013 Top 500 Guide
- Newegg Inc., 65, No. 14
- Microsoft Corp., 65, No. 82
- Chegg Inc., 65, No. 103
- Target Corp., 60, No. 18
- Williams-Sonoma Inc., 55, No. 22
- CDW Corp., 50, No. 13
- Amway, 45, No. 32
- Musician’s Friend Inc., 45, No. 50
- Nike Inc., 45, No. 72
The 10 lowest Dashlane scores are as follows:
- MLB Advanced Media, score of -75, No. 114 in Internet Retailer’s 2013 Top 500 Guide
- Karmaloop.com, -70, No. 118
- Dick’s Sporting Goods Inc., -65, No. 94
- Toys ‘R’ Us Inc., -60, No. 30
- Aéropostale Inc., -60, No. 111
- J.Crew Group, -55, No. 56
- Vitacost.com Inc., -50, No. 87
- Nutrisystem Inc., -50, No. 104
- American Girl LLC, -50, No. 116
- 1-800-Flowers.com, -46, No. 58
Retailers either declined to comment or did not immediately respond to requests for comment. Dashlane plans to release another roundup in the second quarter of fiscal year 2014.