Earlier this year, we examined the password policies of the top 100 e-commerce sites in the US and France, and found that most e-commerce sites have security policies that are a bit outdated for the age of account cracking and data breaches that the rest of us are living in.

Today we’re releasing the UK edition of our Personal Data Security Roundup that examined 26 different password security criteria. Below are some of our key findings:

  • 66% accept notoriously weak passwords such as “123456” or “password”, putting users in danger as these are often the first passwords hackers use when trying to breach accounts.
  • 66% make no attempt to block entry after 10 incorrect password entries (including Amazon UK, Next, Tesco and New Look). This simple policy prevents hackers from using malicious software that can run thousands of passwords during log-ins to breach accounts.
  • 60% do not provide any advice on how to create a strong password during signup, and only 14% display a password meter to help their users gauge the strength of their chosen password.
  • 25% send passwords in plain text via email, including The Body Shop, Clarks and Superdrug, which gives any hacker that has access to your email account access to your other accounts.
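The first two findings above correspond to two server-side checks: refusing well-known weak passwords at signup and blocking further login attempts after 10 incorrect entries. The code below is an added example, not code from the study or from any site named in it; the denylist entries, the 15-minute lockout window and all function and class names are assumptions.

```python
import time

# Constructed sample denylist; a deployment would load a large list of
# common and breached passwords instead of these few entries.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "111111"}
MAX_FAILURES = 10          # threshold the study checked for
LOCKOUT_SECONDS = 15 * 60  # assumed lockout window, not taken from the study


def password_rejection_reason(password):
    """Return why a signup password is refused, or None if it is accepted."""
    if password.lower() in COMMON_PASSWORDS:
        return "on the list of commonly used passwords"
    if len(password) <= 8:
        return "too short: use more than 8 characters"
    return None


class LoginThrottle:
    """Counts consecutive failed logins per account; locks after MAX_FAILURES."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # account -> consecutive failure count
        self._locked_until = {}  # account -> clock value when the lock expires

    def is_locked(self, account):
        return self._clock() < self._locked_until.get(account, 0.0)

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'locked', 'ok' or 'denied'."""
        if self.is_locked(account):
            return "locked"  # refused even when the password is correct
        if password_ok:
            self._failures.pop(account, None)  # success resets the counter
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
            self._failures.pop(account, None)
        return "denied"
```

A per-account lock can itself be abused to keep a legitimate user out, so it is usually combined with per-source rate limiting.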

Each criterion examined was given a +/- point value, enabling each website to achieve a total score between 100 and -100. In comparing total scores, we can see that Apple again takes the #1 spot for data protection, with Travelodge UK coming in at a close second. Urban Outfitters received the lowest score, followed by 11 other companies that share the second lowest.


By comparing the UK to the research performed in France and in the US a few weeks ago, we can see that the UK compared somewhat favorably to the US, where e-commerce sites generally deploy more rigorous online security processes:

[Figure: UK-US-France comparison]

The complete study is available here. You’ll also find the complete list of site rankings and the methodology here.

It’s clear that it’s time for companies to implement better password security, which can be done cheaply and quickly using open-source technology. On the flip side, consumers can protect themselves by creating strong passwords that are long (more than 8 characters) and complex (include a letter, a number, a mix of upper and lower case letters, and/or symbols).

The easiest way to create and remember strong passwords is with a password manager, like Dashlane, which generates unique passwords for you, saves them to your account, and autofills them online. Your data is protected with world-class security and encryption, and is only accessible to you. Learn more, and get it free here.