These Companies Provide A Benchmark For Password Strength

We are never shy about insisting that certain standards are met when devising passwords, but many major companies are seemingly far less worried about password security than we are. A recent study conducted by the password manager developer Dashlane paints a troubling picture of the state of password security, providing anecdotal evidence in the form of some very well-known and trusted companies scoring at the low end of the password security spectrum.

For this study, Dashlane evaluated more than 40 business-to-consumer and business-to-business websites based on their adherence to five password security standards. The study ultimately focused on:

• Whether or not passwords were required to be at least eight characters long.
• If alphanumeric passwords (those that use both letters and numbers) were required.
• If the website provided an assessment of a proposed password’s strength.
• Whether or not logins were locked after too many failed attempts.
• If two-factor authentication was available or not.

The results of this study were fairly surprising, given the sheer size and amount of resources many of these companies could ostensibly commit to enforcing better password habits. Only three of the evaluated companies--GoDaddy, QuickBooks, and Stripe--adhered to all five of the standards, and some--Netflix, Pandora, Spotify and Uber--didn’t adhere to any.

In short, these sites don’t require long or complicated passwords, don’t offer two-factor authentication, and don’t tell a user when their password isn’t secure enough--plus, they are vulnerable to brute-force attacks, meaning that your credentials will not be locked after too many failed attempts to guess them.

Regardless of what kind of password requirements an account actually requires, it’s important to make sure you always follow some basic steps to protect yourself. Don’t use the same password across multiple accounts, and make sure your password at least utilizes letters, numbers, and symbols (whenever possible) and even capital and lowercase letters.

Direct Technology Group can help you establish these practices. Give us a call at (954) 739-4700 to get started.