Skip to content ↓ | Skip to navigation ↓

A new analysis of over 40 popular consumer and enterprise websites revealed that many fail to implement the most basic password security requirements.

According to the Password Power Rankings study conducted by Dashlane, a surprising 46 percent of consumer sites have “dangerously lax” password policies, including widely used Dropbox, Netflix and Pandora.

Of the enterprise sites analyzed, another 36 percent fail to enforce strong password requirements, including DocuSign and Amazon Web Services.

Researchers examined the sites against the following five password security criteria: a minimum of eight characters in length; combining letters, numbers and symbols; providing a password strength assessment; limiting incorrect login attempts; and supporting two-factor authentication.

Only three websites garnered a perfect score: GoDaddy, and business service sites Stripe and Quick Books. Meanwhile, the password policies of Netflix, Pandora, Spotify and Uber were ranked the “worst,” failing to meet any of the five standards.

“It’s our job as users to be especially vigilant about our cybersecurity, and that starts with having strong and unique passwords for every account,” said Dashlane CEO Emmanuel Schalit. “However, companies are responsible for their users, and should guide them toward better password practices.”

The report also found that between enterprise and consumer websites, the most common password security pitfalls included failing to block accounts after 10 brute force login attempts, as well as providing an on-screen password assessment during account creation.

The websites analyzed and their respective rankings are seen below:

Source: Dashlane

For additional findings and best practices, visit Dashlane’s blog here: