Some online retailers have dismal password security - KALB-TV News Channel 5 & CBS 2

Some online retailers have dismal password security

Posted: Updated:

(CBS News) -- When deciding which web sites and web services to patronize, you probably don't consider their password security policies. But as a recent study shows, perhaps it's something you should take into account.

Recently, password manager vendor Dashlane studied what it considered to be the top 100 e-commerce websites, specifically looking to assess their security policies. The resulting report ranked the sites from best to worst, and called out especially bad performers.

Here are some general results:

  • More than half – 55 percent – of e-commerce sites accept weak passwords like "password" or "123456".

  • Also more than half – 51 percent – do not block incorrect entries, even after 10 tries.

  • Only about 10 percent of the surveyed sites met Dashlane's criteria for enforcing strong passwords.

  • Some of the best sites in the Dashlane study were Apple, Microsoft, Newegg, and Target. At the bottom of the list were sites like 1-800-Flowers, J. Crew, Toys R Us, and MLB. And while you as a user can easily work around some poor password policies – even if a site doesn't require a strong password, for example, you can still create one yourself – some of these sites have policies that are downright dangerous.  1-800-Flowers, J. Crew, and Toys R Us, for example, send you your passwords in plain text via email – that's downright reckless.

  • Among the other "notable" sites with low scores were Macy's, Amazon, Overstock.com and Walmart. These sites scored low primarily because they allow more than 10 log-in attempts without locking out the user. 

What precautions can you take to protect yourself despite lax password policies at sites you frequent? Here's a summary of what it takes to keep your passwords secure online:

  • First and foremost, don't re-use passwords at different websites. No matter how strong you make a password, if it gets compromised at one site, you don't want that to unlock other sites as well.

  • Password strength comes from length, not overall complexity. Make it at least 8 characters long, and the longer the better (though many sites limit password length).

  • Combine upper and lowercase, numbers, and symbols. Also, use less common symbols – exclamation points are so commonly used in passwords that they are factored into password hacking as if they were an ordinary character.

  • Use a password manager to track your passwords. It's far better to use a program like LastPass, Roboform, or Dashlane than to write down a password or repeat it for ease of memorization.

  • If you're creating a password yourself, refer to a password strength meter to assess its relative strength. Microsoft offers one, for example. Another alternative: Most password managers will generate a strong password for you.

  • As many security experts have pointed out, pass phrases – long chains of common words – are far more secure than an 8 or 12-character string of letters and numbers. If a site supports it – especially a site that has your financial information – use that instead.

  • Finally, if you have the option, rely on a site's two factor authentication. That's a system in which you need to enter both a password and some other form of security, such as a code that's texted to your phone. Sites like Google, Twitter, Facebook, and PayPal support two factor authentication when you try to log in on a device that's different than your usual PC or phone.
© 2014 CBS Interactive Inc.. All Rights Reserved.
  • Most Popular StoriesMost Popular StoriesMore>>

  • Two men arrested in Avoyelles heavy equipment theft case

    Two men arrested in Avoyelles heavy equipment theft case

    Monday, September 15 2014 2:26 PM EDT2014-09-15 18:26:26 GMT
    AVOYELLES PARISH, La. (KALB News Channel 5) - According to Sheriff Doug Anderson, two men are under arrest by Avoyelles Parish Sheriff's Office for their alleged involvement in a multi-parish operation. More >>
    AVOYELLES PARISH, La. (KALB News Channel 5) - According to Sheriff Doug Anderson, two men are under arrest by Avoyelles Parish Sheriff's Office for their alleged involvement in a multi-parish operation. More >>
  • APD arrests two for narcotics, weapon

    APD arrests two for narcotics, weapon

    Monday, September 15 2014 12:00 PM EDT2014-09-15 16:00:17 GMT
    ALEXANDRIA, La. (KALB News Channel 5) - On September 11, 2014 Agents with the Central Louisiana Safe Streets Task Forceexecuted a search warrant in the Riverwynd Apartments.More >>
    ALEXANDRIA, La. (KALB News Channel 5) - On September 11, 2014 Agents with the Central Louisiana Safe Streets Task Forceexecuted a search warrant in the Riverwynd Apartments.More >>
  • Houston doctor charged with poisoning her lover

    Houston doctor charged with poisoning her lover

    Monday, September 15 2014 3:56 PM EDT2014-09-15 19:56:13 GMT
    HOUSTON (AP) - Prosecutors say a 43-year-old breast cancer doctor based at Houston's famed Texas Medical Center had a "fatal attraction" to a fellow physician who rejected her, prompting her to poison her lover by lacing his coffee with ethylene glycol.More >>
    HOUSTON (AP) - Prosecutors say a 43-year-old breast cancer doctor based at Houston's famed Texas Medical Center had a "fatal attraction" to a fellow physician who rejected her, prompting her to poison her lover by lacing his coffee with ethylene glycol.More >>
Powered by WorldNow
Powered by WorldNow
All content © Copyright 2000 - 2014 WorldNow and KALB. All Rights Reserved.
For more information on this site, please read our Privacy Policy and Terms of Service.