It’s no secret that the internet has a serious password problem. Much of the time, we, the users, are at fault; generally speaking, we’re still prone to using lazy phrases like “123456” and “password” to secure our personal information. Equally important, though, are the password security policies of the internet’s individual sites; there’s no standard practice for securing information from site to site, leaving some more vulnerable than others to breaches. And now, according to a new survey from the password management company Dashlane, many prominent sites that routinely collect consumer data have dangerously lax password requirements in place.
According to the study, which used 22 password criteria to judge 80 top websites, more than 86% received a “subpar”score of below +50, the study’s minimum requirement for password security. Of the sites surveyed, Match.com, Hulu, Overstock, Fab, and Amazon posted the lowest scores for allowing users to accept weak and generic passwords. Apple (the only company to receive a perfect score), Microsoft, UPS, Target, GoDaddy, and Yahoo Mail were among the highest for including on-screen password strength, disallowing generic passwords, and requiring long, alphanumeric phrases.
While by no means a comprehensive measure of website security, the results paint a concerning picture for the already-flawed password infrastructure. The study, which was conducted after numerous high-profile security breaches like last month’s Heartbleed bug (which was thought to affect up to two-thirds of the internet), showed that major sites that collect personal information like LinkedIn, Evernote, Amazon, and Dropbox fall short of asking for the most basic password requirements.
As many security experts will note, the password is a deeply imperfect security method, and there’s no permanent solution in sight. Back in April, 1Password’s Dave Chartier told BuzzFeed the “biggest obstacle is probably human behavior — the sheer desire to do things we’re not interested in in the shortest time possible.” With that in mind, it’s time more sites stepped up to help save us from ourselves.