Dashlane's 2017 Password Power Rankings Reveal How Consumer and Enterprise Websites Handle User Security
GoDaddy, Stripe, and QuickBooks Lead With Best Password Policies
NEW YORK, Aug. 9, 2017 /PRNewswire/ -- Today, password manager Dashlane releases its 2017 Password Power Rankings, the results of a deep dive into the password practices of over 40 popular consumer and enterprise websites.
For more information, visit: blog.dashlane.com/dashlane-password-power-rankings-2017/
Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that that almost half (46%) of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements.
The most popular sites provide the least guidance when it comes to secure password policies. Of the 17 consumer sites that failed Dashlane's tests, eight are entertainment/social media sites, and five are e-commerce. Most troubling? Researchers created passwords using nothing but the lowercase letter "a" on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others.
GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5.
"We created the Password Power Rankings to make everyone aware that many sites they regularly use do not have policies in place to enforce secure password measures. It's our job as users to be especially vigilant about our cybersecurity, and that starts with having strong and unique passwords for every account," said Dashlane CEO Emmanuel Schalit. "However, companies are responsible for their users, and should guide them toward better password practices."
To determine the ranking, Dashlane researchers examined sites against password security criteria, such as requiring eight or more-character passwords with a combination of letters, numbers, and symbols, and offering two-factor authentication. A site received a point for each test where it performed positively, for a maximum, and top score, of five. A score of 3/5 was deemed as passing and meeting the minimum threshold for good password security (complete methodology below).
CONSUMER RANKINGS:
- 5/5 Score (Best)_
- GoDaddy
- 4/5 Score
- Apple
- Best Buy
- The Home Depot
- Microsoft/Live/Outlook
- PayPal
- Skype
- Toys "R" Us
- Tumblr
- 3/5 Score
- Airbnb
- Slack
- Snapchat
- Staples
- Target
- Twitch
- Wordpress
- Yahoo
- 2/5 Score
- Amazon
- eBay
- Starbucks
- Venmo
- 1/5 Score
- Dropbox
- Evernote
- Macy's
- SoundCloud
- Walmart
- 0/5 Score (Worst)
- Netflix
- Pandora
- Spotify
- Uber
ENTERPRISE RANKINGS
- 5/5 Score
- Stripe
- QuickBooks
- 4/5 Score
- Basecamp
- Salesforce
- 3/5 Score
- GitHub
- MailChimp
- SendGrid
- 2/5 Score
- DocuSign
- MongoDB (mLab)
- 1/5 Score
- Amazon Web Services
- Freshbooks
Methodology
The study was conducted by Dashlane researchers from July 5 – July 14, 2017. The researchers examined (5) password security criteria on 37 popular consumer websites and apps, as well as 11 popular enterprise websites. A site received a point for each criterion they performed positively, for a maximum, and top score, of 5. A score of 3/5 was deemed as passing and meeting the minimum threshold for good password security.
1. 8+ Characters
1. Tested by creating a new account on each website. Dashlane researchers attempted to create passwords less than 8 characters irrespective of the sites' stated minimum password requirements.
2. Alphanumeric
1. Tested by creating a new account on each website. Researchers attempted to create passwords with all letters ("aaaaaa") or numbers ("111111").
3. Password Strength Assessment
1. Tested by creating a new account on each website. If the site provided any notification, such as a meter or color-coded bar, they were credited as providing an assessment. Sites that only provided confirmed password length or where requirements were met did not receive credit.
4. Brute Force Attack Simulation
1. Researchers attempted to login using incorrect passwords. If the tester was able to continue entering incorrect credentials after 10 attempts without receiving any security mechanism, such as a CAPTCHA code or the account automatically locking, the site did not receive credit.
5. 2-Factor Authentication
1. A site was given credit if they offer any 2-factor or multi-factor authentication.
About Dashlane
Dashlane makes identity and checkouts simple with its password manager and secure digital wallet app. Dashlane allows its users to securely manage passwords, credit cards, IDs, and other important information via advanced encryption and local storage.
Dashlane has helped over 7.5 million consumers in 150 countries manage and secure their digital identity. Dashlane Business, a product designed to protect company passwords, is trusted by 6,000+ companies to create, enforce, and track effective access management. Dashlane features the only patented security architecture in the industry.
The app is available on PC, Mac, Android, and iOS, and has won critical acclaim from top publications, including: The New York Times, The Wall Street Journal, and USA Today.
SOURCE Dashlane
Related Links
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article