A study conducted by Dashlane has discovered that some of the most popular consumer and enterprise websites have very poor password protection. The firm graded its subjects on a scale of 0 to 5, with the latter score awarded to companies that have the best password safekeeping practices. A rating of 3, on the other hand, is the passing score, meaning that the companies with this grade employ sufficient precautions against potential security exploits. During the course of the study, researchers attempted to register accounts with passwords containing less than 8 characters. Moreover, they also tested whether the services accept passwords that are comprised purely of letters or numbers. Other practices that Dashlane examined include the presence of an indicator that checks the strength of the registered code, use of CAPTCHA or other similar measures if there are repeated instances of failed login attempts, and offering either two-factor or multifactor authentication when applicable.
The rankings were separated into two categories, one for consumer websites and the other for enterprise-focused services. Among the consumer-focused enterprises, GoDaddy, an internet domain registrar and web hosting firm, got the highest possible mark. Popular websites like Google, Snapchat, Reddit, Yahoo, and Facebook all got a grade of 3, which is the passing score. In addition, Apple, Microsoft, Tumblr, and Paypal performed a bit higher, with each garnering 4 points. Online retailer Amazon and Microsoft's social networking site LinkedIn both failed in this study, with each earning a score of 2. However, the poorest performers in this group are Spotify, Netflix, Uber, and Pandora. All of these services had a mark of 0, which means that they do not follow any of the practices that Dashlane has included in its study.
Meanwhile, Stripe, a provider of financial infrastructure and fraud prevention mechanisms, and Quickbooks, a cloud service that focuses on accounting applications, performed the best among the enterprise offerings. At the other end of the spectrum, both Amazon Web Services and Freshbooks have considerably poor password safeguards. With a score of 1, Amazon's enterprise product was actually rated worse than its more mainstream counterpart. Moving forward, this study could hopefully prompt those who had low ratings to improve their security requirements.