Apple.com does more to protect your password, study of top 100 sites finds

Apple.com does more to protect your password, study of top 100 sites finds

Jan 24th 2014, 19:00, by Dan Goodin

Aurich Lawson / Thinkstock

Apple, Microsoft, Chegg, Newegg, and Target do the best job of safeguarding customer passwords, according to a comprehensive study of the top 100 e-commerce websites that also ranked Major League Baseball, Karmaloop, Dick's Sporting Goods, Toys R Us, and Aeropostale as performing the worst.
Apple.com was the only site to receive a perfect score of 100, which was based on 24 criteria, such as whether the site accepts "123456" and other extremely weak passwords and whether it sends passwords in plaintext by e-mail. Microsoft and academic supplier Chegg tied for second place with 65, while Newegg and Target came in third with 60. By contrast, MLB received a score of -75, Karmaloop a -70, Dick's Sporting Goods a -65, and Aeropostale and Toys R US each got a -60. Each site was awarded or deducted points based on each criterion, leading to a possible score from -100 and 100. The study was conducted by researchers from password manager Dashlane based on the password policies in effect on the top 100 e-commerce sites from January 17 through January 22.

An epidemic of poor passwords

Amazingly, 55 percent of the sites accepted weak passwords such as "123456" and "password," while Toys R US, J.Crew, 1-800-Flowers.com, and five other sites sent passwords as plaintext in e-mails. Sixty-one of the sites provided no advice on how to create a strong password when creating an account, while only seven sites provided any type of on-screen meter to help assess the strength of a chosen password.