Dashlane Analysis of Dating Websites Security:
How Safe Are You?
Three months have elapsed since the Ashley Madison data breach rocked the world, but it seems the site and many of its competitors still haven’t learned basic lessons about online security. New analysis from Dashlane, the password and identity manager, shows that nearly all dating sites employ weak password practices. This is a concern for users of dating sites, some of whom have shared extremely personal information and expect their use of the site to be confidential.
In light of the Ashley Madison hack, Dashlane examined 24 of the world’s most popular dating sites and ranked their approach to password security. Dashlane’s experts assessed each site on 19 different criteria, including the minimum length of the required password and if there was a requirement for a mix of letters and numbers. The study also assessed whether the website made a password visible on entry or not, and if it rejected common passwords such as ‘12345678’ or ‘letmein’.
Researchers discovered that it was possible for hackers to determine Ashley Madison passwords where users employed codes that were too simplistic. Passwords are the first line of defense in remaining secure online, and dating websites aren’t doing enough to protect their users.
Dashlane’s analysis found that:
- Although they store highly sensitive data, dating websites lag behind major mainstream services in their approach to user password policies. For example, major internet firms such as Apple (100), Hotmail (88) and Gmail (76) score highly according to Dashlane’s criteria. Dating firms score relatively poorly in comparison; Christian Mingle has the most advanced score (88) and of 18 popular US dating websites, only six have a score greater than 50.
- The dating site arena demonstrates a wide range of results: Christian Mingle scores 88, while Badoo, Chemistry, Howaboutwe and Plenty of Fish score only 22. Users may want to bear this in mind when selecting which dating site to use.
- Key reasons behind the poor scores demonstrated by some of these services included sending users’ passwords in clear text (Badoo, Chemistry). On rival services match.com and Plenty of Fish, meanwhile, it is still possible to create a one-letter password, an incredibly lackluster approach to password security and the privacy of their users.
- 50% of the most popular US dating websites don’t send an email after a password has been changed.
Key things dating websites should do:
- Insist on passwords of at least 8 characters
- Insist on a mix of numbers and capital letters
- Provide advice during account creation on how to create a strong password
- Reject common passwords
- Avoid sending account creation emails that include log-in and password details
- Always notify users immediately after a password is changed
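
The first four recommendations can be enforced in one sign-up check. The sketch below is an added example, not Dashlane's scoring code or any site's implementation; the function names, rule labels and advice strings are assumptions, and the deny-list is a tiny constructed sample that includes the two passwords named in the article.

```python
import unicodedata

# '12345678' and 'letmein' are the examples named in the article; the other
# entries are a constructed sample. A real deployment would load a large
# breached-password list instead of this handful.
COMMON_PASSWORDS = {"12345678", "letmein", "password", "qwerty123", "iloveyou"}
MIN_LENGTH = 8  # "at least 8 characters"

# Advice shown during account creation, keyed by the rule that failed
# (hypothetical wording).
ADVICE = {
    "too_short": "Use at least 8 characters.",
    "no_digit": "Include at least one number.",
    "no_capital": "Include at least one capital letter.",
    "common_password": "This password is widely used; choose another.",
}


def check_password(candidate):
    """Return the policy rules the candidate violates; empty list = accepted."""
    # Normalize so visually identical Unicode input is judged consistently.
    pw = unicodedata.normalize("NFKC", candidate)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if not any(ch.isdigit() for ch in pw):
        problems.append("no_digit")
    if not any(ch.isupper() for ch in pw):
        problems.append("no_capital")
    # Case-insensitive match, so "LetMeIn" is rejected just like "letmein".
    if pw.casefold() in COMMON_PASSWORDS:
        problems.append("common_password")
    return problems


def advice_for(candidate):
    """Human-readable guidance for each failed rule, in rule order."""
    return [ADVICE[rule] for rule in check_password(candidate)]


if __name__ == "__main__":
    for sample in ["a", "12345678", "LetMeIn", "Blue7Harbor"]:  # constructed
        print(repr(sample), check_password(sample) or "accepted")
```
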