In a comprehensive study of the password security policies of 100 e-commerce websites, Apple was the only site to receive a perfect score of 100.

Conducted by password-management company Dashlane (via Ars Technica), the Personal Data Security in E-Commerce Security Roundup [PDF] examined the password policies at various sites using 24 different criteria like acceptance of weak passwords and whether or not entry is blocked after failed attempts.

passwordscores

The roundup assesses the password policies of the top 100 e-commerce sites in the US by examining 24 different password criteria that Dashlane has identified as important to online security, and awarding or docking points depending upon whether a site meets a criterion or not. Each criterion is given a +/- point value, leading to a possible total score between –100 and 100 for each site.

While Apple was the only company to earn a score of 100, other companies, like Microsoft, Newegg, and Target also received high scores while Major League Baseball, Toys R Us and Aeropostale received some of the lowest scores.

The study revealed that 55 percent of online retailers accepted weak passwords like "password" or "123456" and 51 percent made no attempt to block entry after 10 incorrect password entries. 61 percent did not provide advice on how to create a strong password, and 93 percent did not provide an on-screen password strength assessement.

Apple, however, met and exceeded all criteria as the company has notoriously stringent password rules to encourage its users to create strong passwords.

Some retailers may argue that such requirements impede user convenience, but companies such as Apple, arguably the most famous brand on the list, have shown that it is possible to be both secure and successful. In every category we tested, Apple implemented the 4 simple policies and procedures we recommend above. These policies resulted in the company being awarded the only perfect score in the study.

When a new Apple ID account is created, users must have a password with at least eight characters, one lower case letter, one capital letter, and one number. The password cannot contain multiple identical consecutive characters, it can't be a common password, and it can't be the same as the account name.

Apple will also rate passwords as weak, moderate, or strong and it asks users to create security questions as well. When logging in with an Apple ID, three attempts at entering the wrong password will prompt a password reset via security questions or email authentication.

As noted by Ars Technica, while the study looks at several aspects of password management, it does avoid some important criteria such as whether sites allow password entry through unencrypted HTTP password connections or allow resets via security questions.

Top Rated Comments

UnfetteredMind Avatar
116 months ago
C'mon Dicks ... get it up!
Score: 9 Votes (Like | Disagree)
keysofanxiety Avatar
116 months ago
But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

But customisability, guys! You're too locked down! #changingicons
Score: 8 Votes (Like | Disagree)
dannyyankou Avatar
116 months ago
But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

But customisability, guys! You're too locked down! #changingicons

But animated wallpapers are so c00l! Who cares if customization opens up the possibility of battery drain, viruses, and hackers? I want my widgets and Swype keyboard!
Score: 6 Votes (Like | Disagree)
bearda Avatar
116 months ago
This kind of surprises me, as Apple still has no password expiration policy or review of older password requirements. I was kind of surprised to find out one of our test accounts has been running around with a... fairly insecure password for a long time without any prompt to change. It definitely wouldn't pass the new account standards now.
Score: 1 Votes (Like | Disagree)
Menel Avatar
116 months ago
C'mon Dicks ... get it up!

you win the internets

----------

Where are the websites with 2 factor auth?

PayPal google?
Msft doesn't even have 2 factor

My Microsoft account that hosts one of my domains, does have two way. Loads into the Google Auth app.
Score: 1 Votes (Like | Disagree)

Popular Stories

iOS 16

Apple Releases iOS 16.1.2 With Carrier Improvements and Crash Detection Optimizations

Wednesday November 30, 2022 10:09 am PST by
Apple today released iOS 16.1.2, another minor bug fix update that comes one week after the release of iOS 16.1.1 and three weeks after the launch of iOS 16.1, an update that added support for iCloud Shared Photo Library, Matter, Live Activities, and more. The iOS 16.1.2 update can be downloaded on eligible iPhones over-the-air by going to Settings > General > Software Update. According...
Emergency SOS via Satellite iPhone YT

Apple's iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

Thursday December 1, 2022 4:37 pm PST by
With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers ...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
applefifthavenue

Man Robbed After Buying 300 iPhones From Apple Fifth Avenue

Tuesday November 29, 2022 11:54 am PST by
An unnamed 27-year-old man who purchased 300 iPhones from Apple Fifth Avenue on Monday morning was robbed shortly after leaving the store, according to 1010Wins Radio in New York. He was carrying 300 iPhone 13s in three bags and walking to his car at 1:45 a.m. when another car pulled up next to him. Two men jumped out and demanded that he hand over the bags. Not wanting to hand over 300...
14 vs 16 inch mbp m2 pro and max feature 1

'M2 Max' Geekbench Scores Leak Online, Revealing Rumored Specs and Performance

Wednesday November 30, 2022 2:39 am PST by
Geekbench scores allegedly for the upcoming "M2 Max" chip have surfaced online, offering a closer look at the performance levels and specific details of the forthcoming Apple silicon processor. The Geekbench results, first spotted on Twitter, are for a Mac configuration of with the M2 Max chip, a 12-core CPU, and 96GB of memory. The Mac listed has an identifier "Mac14,6," which could be...
iPad 10 Battery Pull Tabs

iPad 10 Teardown Reveals Why Device Isn't Compatible With Apple Pencil 2

Thursday December 1, 2022 10:48 am PST by
Do-it-yourself repair website iFixit today shared a video teardown of Apple's new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the...
Apple Park View

Elon Musk Meets With Apple CEO Tim Cook Amid Claims of Twitter App Store Dispute [Updated]

Wednesday November 30, 2022 12:43 pm PST by
Twitter CEO Elon Musk today met with Apple CEO Tim Cook at the Apple Park campus in Cupertino, California, according to a tweet shared by Musk this afternoon. Musk thanked Cook for taking him around Apple's headquarters, with no mention of what the two might have discussed. The meeting comes just after Musk on Monday claimed that Apple has "mostly stopped" offering ads on Twitter, and that...
eufy camera

Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent [Updated]

Tuesday November 29, 2022 1:01 pm PST by
Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue. According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video...
app store awards 2021

Apple Announces 2022 App Store Award Winners, Highlighting Best Apps of the Year

Tuesday November 29, 2022 3:10 am PST by
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team. The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said: This year's App Store Award winners reimagined...
iOS 16

Apple Still Has These 5 Things to Release Heading Into 2023

Thursday December 1, 2022 7:12 am PST by
The calendar has turned to December and that means Apple has only one month left to fulfill its promises of releasing an Apple Music Classical app and expanding its self-service repair program to Europe before the end of 2022. Delays are always possible, of course, so the plans could be pushed back to 2023. In any case, we have put together a list of five things that Apple still has to release...