Apple is the most complete password protection website

After the "Heart of Blood" vulnerability was discovered, site administrators hastily patched up and enhanced the protection of vulnerable components on the server such as passwords and accounts.

Many websites have recommended users to change their passwords after patching. However, according to the company that provides Dashlane password management software, websites have a lot of work to do with their password policies.

Evaluation methods

Dashlane researchers analyzed the password policies of more than 80 popular websites in the US, adding points to policies that improve security and deduct points for potentially risky policies. For example, a website that sends a confirmation email after changing the password is added 10 points, but a website that sends a notification including a clear password is deducted 30 points. A site that accepts a 3-character or shorter password is deducted 5 points, a website that requires a password of at least eight characters is added 20 points.

The range of scores is very wide from perfect 100 points to extremely low -100 points. Dashlane evaluates a website at a relative safety level if it reaches 50 points. Only 14% of websites in the survey reached above 50 points, and 53% had disappointing scores.

Bad passwords

If the website does not do well the password policy, there are users who use horrible passwords such as " password ", " 123456 " and " qwerty ". Dashlane identifies the 10 worst passwords and subtracts 2.5 points from each of the bad passwords they accept. More than 40% of websites accept all 10 bad passwords. A few websites block all but accept the password " abc123 ".

1800Flowers.com, Fab.com, and Match.com are sites that accept the shortest password, only one character. BestBuy.com is the only website that requires passwords of more than 10 characters.

Result

Unique site of Apple won the perfect score of 100. Standing next is Microsoft services such as Windows Live / Hotmail with 85 points, UPS and Microsoft Store with 75 points. Target and Kaspersky Lab earn 70 points. Note that this article only mentions the Kaspersky website password policy, which does not evaluate the antivirus software of this company.

If you share your account password on the online dating site Match.com for other websites and services, you should change your password because Match.com has the worst score among the sites surveyed with -70 points. Hulu and Overstock have -55 points, Fab-50 points, and a few sites including US Airway and Amazon have a score of -45 points.

The average score of all websites is a negative number a little less than 0. Meanwhile, the average vibration point by category is very different. Dating, travel and security websites have an average score of -23, -17 and -5 points respectively. E-commerce websites, social gadgets and production facilities have an average score of 3, 12 and 13 points, respectively. This result shows that security companies seem to be too concerned about the world but forget their own websites.

The policy affects the password

There is a cross-reference between the password policy and the average password strength on each site. With the user's permission, Dashlane gathered and collected non-personal data about the power of each user's password ( not a password, only a power assessment ). Not surprisingly, there is a strong correlation between password and password policy.

According to Dashlane , websites should adopt policies such as requiring at least eight characters of passwords. Suggest that users use passwords including numbers and characters, including uppercase and lowercase characters. Send confirmation email every time the password is changed. And finally, lock the bad passwords on the website. On the user side, Dashlane recommends using a password that exceeds the minimum safety limit, and should use password management software because you run the risk of " gathering all the eggs in one basket." ".