Dashlane’s first Personal Data Security Roundup was released today! The roundup takes a look at password policies of the top 100 e-commerce sites, and the results are staggering.

Most e-commerce sites, which often store their users’ personal info, including credit cards, have password policies that seem to be from a more naive era… perhaps one not riddled with account crackings and data breaches. Here’s an infographic of what the results of our study show:

Click on the infographic for full size version.

INFOGRAPHIC - THE ILLUSION OF PERSONAL DATA SECURITY IN ECOMMERCE

Key findings:

  • 55% still accept notoriously weak passwords such as “123456” or “password”
  • 51% make no attempt to block entry after 10 incorrect password entries (including Amazon, Dell, Best Buy, Macy’s and Williams-Sonoma)
  • 64% have highly questionable password practices (receiving a negative total score in the roundup)
  • 61% do not provide any advice on how to create a strong password during signup, and  93% do not provide an on-screen password strength assessment
  • Only 10% scored above the threshold for good password policies (i.e. 45 points or more in the roundup)
  • 8 sites, including Toys “R” Us, J.Crew and 1-800-Flowers.com, send passwords in plain text via email

Your password is barricade between you (and anyone else) and your account. They should be long (more than 8 characters) and complex (include a letter, number, a mix of upper and lower case letters, and/or symbols).

The easiest way to create and remember strong passwords is with a password manager, like Dashlane, which generates unique passwords for you, saves them to your account, and autofills them online. Your data is protected with world-class security and encryption and is only accessible to you. Learn more and get it free at here.

The full study and methodology behind this roundup can be found here. The press release is also available here. For questions, contact ryan(at)dashlane.com.