Some online retailers have dismal password security - KALB-TV News Channel 5 & CBS 2

Some online retailers have dismal password security

Posted: Updated:

(CBS News) -- When deciding which web sites and web services to patronize, you probably don't consider their password security policies. But as a recent study shows, perhaps it's something you should take into account.

Recently, password manager vendor Dashlane studied what it considered to be the top 100 e-commerce websites, specifically looking to assess their security policies. The resulting report ranked the sites from best to worst, and called out especially bad performers.

Here are some general results:

  • More than half – 55 percent – of e-commerce sites accept weak passwords like "password" or "123456".

  • Also more than half – 51 percent – do not block incorrect entries, even after 10 tries.

  • Only about 10 percent of the surveyed sites met Dashlane's criteria for enforcing strong passwords.

  • Some of the best sites in the Dashlane study were Apple, Microsoft, Newegg, and Target. At the bottom of the list were sites like 1-800-Flowers, J. Crew, Toys R Us, and MLB. And while you as a user can easily work around some poor password policies – even if a site doesn't require a strong password, for example, you can still create one yourself – some of these sites have policies that are downright dangerous.  1-800-Flowers, J. Crew, and Toys R Us, for example, send you your passwords in plain text via email – that's downright reckless.

  • Among the other "notable" sites with low scores were Macy's, Amazon, Overstock.com and Walmart. These sites scored low primarily because they allow more than 10 log-in attempts without locking out the user. 

What precautions can you take to protect yourself despite lax password policies at sites you frequent? Here's a summary of what it takes to keep your passwords secure online:

  • First and foremost, don't re-use passwords at different websites. No matter how strong you make a password, if it gets compromised at one site, you don't want that to unlock other sites as well.

  • Password strength comes from length, not overall complexity. Make it at least 8 characters long, and the longer the better (though many sites limit password length).

  • Combine upper and lowercase, numbers, and symbols. Also, use less common symbols – exclamation points are so commonly used in passwords that they are factored into password hacking as if they were an ordinary character.

  • Use a password manager to track your passwords. It's far better to use a program like LastPass, Roboform, or Dashlane than to write down a password or repeat it for ease of memorization.

  • If you're creating a password yourself, refer to a password strength meter to assess its relative strength. Microsoft offers one, for example. Another alternative: Most password managers will generate a strong password for you.

  • As many security experts have pointed out, pass phrases – long chains of common words – are far more secure than an 8 or 12-character string of letters and numbers. If a site supports it – especially a site that has your financial information – use that instead.

  • Finally, if you have the option, rely on a site's two factor authentication. That's a system in which you need to enter both a password and some other form of security, such as a code that's texted to your phone. Sites like Google, Twitter, Facebook, and PayPal support two factor authentication when you try to log in on a device that's different than your usual PC or phone.
© 2014 CBS Interactive Inc.. All Rights Reserved.
  • Most Popular StoriesMost Popular StoriesMore>>

  • Rapides crash kills Pineville man

    Rapides crash kills Pineville man

    Sunday, April 20 2014 8:37 PM EDT2014-04-21 00:37:35 GMT
    RAPIDES PARISH (KALB News Channel 5) -- A crash involving two vehicles killed a man from Pineville, LA Sunday morning.More >>
    RAPIDES PARISH (KALB News Channel 5) -- A crash involving two vehicles killed a man from Pineville, LA Sunday morning.More >>
  • Ruby Wise Spring Carnival

    Ruby Wise Spring Carnival

    Sunday, April 20 2014 11:34 PM EDT2014-04-21 03:34:33 GMT
    (KALB News Channel 5) - We went out to the Ruby Wise Elementary Spring Carnival to see how they celebrate the warmer weather!More >>
    (KALB News Channel 5) - We went out to the Ruby Wise Elementary Spring Carnival to see how they celebrate the warmer weather!More >>
  • Massive Traffic Crash on I-10 in Beaumont, TX

    Massive Traffic Crash on I-10 in Beaumont, TX

    (Beaumont, TX- KBMT) Interstate 10 remains closed in both directions between Taylor Bayou and Hamshire Road (at Mile Marker 835) in Beaumont, Texas, because of a multiple vehicle accident with numerousMore >>
    (Beaumont, TX) - Investigators believe fog is to blame for a massive pile-up on Interstate-10 involving more than 100 vehicles on Thanksgiving Day. At least two people were killed and dozens of injuries have been reported.More >>
Powered by WorldNow
Powered by WorldNow
All content © Copyright 2000 - 2014 WorldNow and KALB. All Rights Reserved.
For more information on this site, please read our Privacy Policy and Terms of Service.