This post comes from Sean T. Johnston at our partner site Zing.
If you’re like most Americans, you probably don’t pay much attention to creating impenetrable passwords for your online accounts. According to Splashdata, an online password provider, the list of the top online passwords are just terrible from a security standpoint.
The good news is that “password” is no longer the number one password online (it’s now number two!). The bad news is that “123456” took the top spot; “abc123” and “111111” were also among the top 10.
C’mon people, really? Your financial information, emails and personal data are online, and the only thing protecting your information from people with nefarious intentions is “123456”?
Now that we’ve addressed your terrible passwords, let’s talk about the websites that allow them. In fairness, they should know better than to let a flimsy string of sequential numbers be the only layer of password cyber security for their customers.
According to a recent study by Dashlane, a password management application, not all online companies have the same commitment to ensuring their clients create rock-solid passwords. The Dashlane study scored many leading websites on their password policies. You can read the full study here, or a summary on Gizmodo.
Key Points from the Dashlane Study
- Over half of the 100 largest e-retailers still accept weak passwords like “abc123” and “123456”.
- Over half of the websites tested do not block entry to an account after 10 incorrect password attempts.
- 61% of the websites don’t offer any assistance to new registrants in creating secure passwords.
- Only 10% of the online retailers tested met Slashdata’s criteria for “good password policies, ” a score of 45 or above.
- Eight sites tested send passwords in plain text via email, which is widely considered among Internet security experts to be a bad idea.
Only one major online retailer, Apple, scored a perfect 100 in the Slashdata study, while several major websites were in negative territory. Amazon, Overstock and Office Depot were among those with low security scores.
The Fix is Simple
The problem is clear, but what would it take to solve it? According to the study, there are four things online retailers can do to improve their security policies:
- Require that all passwords contain at least eight characters with a combination of upper and lowercase letters, numbers and special characters.
- Block account access attempts after four failed password entries.
- Give users on-screen advice for creating secure passwords when they sign up.
- Assess the strength of passwords as users are creating them.
When it comes to lax password security it’s clear that there’s work to be done on both sides of the equation. We, as consumers, need to put a little more attention into creating secure passwords than we currently do. On the other hand, several major Internet retailers clearly need to beef up their policies and stop enabling us to create lazy passwords.
Or, we can just wait until alpha-numeric passwords are obsolete. That day is not too far off, either.
More stories from Zing: