Amazon, Walmart, Macy’s, Office Depot, others called out for weak password policies, putting consumers at risk

Amazon, Walmart, Macy’s, OfficeDepot and Staples have the worst password policies out of all the nation’s top 100 online retailers, according to a study released Friday.

 

“The danger with a weak password policy is that it leaves users’ personal data vulnerable. The weaker the password, the easier it is for hackers to break into an account. Therefore, sites with lenient password policies are leaving their users exposed to greater risk,” said Internet security firm Dashlane, which conducted the study.

 

The firm examined password requirements and features of the top 100 e-commerce retailers in the United States.

Each company was evaluated based on 25 criteria. Most of the weight was placed on the account creation process (when new customers sign up) on the companies’ websites. For example, minimum password length could be positive (add to score) or negative (subtract from score) depending if it was under five or over eight characters.

 

Of the 10 most used retailers online, the worst for password security were:

* Amazon (-40)

* Walmart

* Office Depot

* Macy’s (-35)

* Staples (-30)

 

The top rated were:

* Apple (perfect 100)

* BestBuy (40)

* OfficeMax (25)

* Dell, Sears (tied at 19)

 

Two online retailers — 1-800-Flowers.com and Northern Tool — allow users to have passwords as short as ONE character. Urban Outfitters will accept three characters while Victoria’s Secret will accept 4.

 

Among the most dangerous practices is sending passwords in plain text by email, Dashlane said. “Thankfully this practice was not prevalent but the study found that several sites, including Toys”R”Us, J. Crew and 1-800-Flowers.com still email users’ passwords in plain text.”

See on www.jsonline.com