In a comprehensive study of the password security policies of 100 e-commerce websites, Apple was the only site to receive a perfect score of 100.

Conducted by password-management company Dashlane (via Ars Technica), the Personal Data Security in E-Commerce Security Roundup [PDF] examined the password policies at various sites using 24 different criteria like acceptance of weak passwords and whether or not entry is blocked after failed attempts.

passwordscores

The roundup assesses the password policies of the top 100 e-commerce sites in the US by examining 24 different password criteria that Dashlane has identified as important to online security, and awarding or docking points depending upon whether a site meets a criterion or not. Each criterion is given a +/- point value, leading to a possible total score between –100 and 100 for each site.

While Apple was the only company to earn a score of 100, other companies, like Microsoft, Newegg, and Target also received high scores while Major League Baseball, Toys R Us and Aeropostale received some of the lowest scores.

The study revealed that 55 percent of online retailers accepted weak passwords like "password" or "123456" and 51 percent made no attempt to block entry after 10 incorrect password entries. 61 percent did not provide advice on how to create a strong password, and 93 percent did not provide an on-screen password strength assessement.

Apple, however, met and exceeded all criteria as the company has notoriously stringent password rules to encourage its users to create strong passwords.

Some retailers may argue that such requirements impede user convenience, but companies such as Apple, arguably the most famous brand on the list, have shown that it is possible to be both secure and successful. In every category we tested, Apple implemented the 4 simple policies and procedures we recommend above. These policies resulted in the company being awarded the only perfect score in the study.

When a new Apple ID account is created, users must have a password with at least eight characters, one lower case letter, one capital letter, and one number. The password cannot contain multiple identical consecutive characters, it can't be a common password, and it can't be the same as the account name.

Apple will also rate passwords as weak, moderate, or strong and it asks users to create security questions as well. When logging in with an Apple ID, three attempts at entering the wrong password will prompt a password reset via security questions or email authentication.

As noted by Ars Technica, while the study looks at several aspects of password management, it does avoid some important criteria such as whether sites allow password entry through unencrypted HTTP password connections or allow resets via security questions.

Top Rated Comments

UnfetteredMind Avatar
98 months ago
C'mon Dicks ... get it up!
Score: 9 Votes (Like | Disagree)
keysofanxiety Avatar
98 months ago
But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

But customisability, guys! You're too locked down! #changingicons
Score: 8 Votes (Like | Disagree)
dannyyankou Avatar
98 months ago
But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

But customisability, guys! You're too locked down! #changingicons

But animated wallpapers are so c00l! Who cares if customization opens up the possibility of battery drain, viruses, and hackers? I want my widgets and Swype keyboard!
Score: 6 Votes (Like | Disagree)
bearda Avatar
98 months ago
This kind of surprises me, as Apple still has no password expiration policy or review of older password requirements. I was kind of surprised to find out one of our test accounts has been running around with a... fairly insecure password for a long time without any prompt to change. It definitely wouldn't pass the new account standards now.
Score: 1 Votes (Like | Disagree)
Menel Avatar
98 months ago
C'mon Dicks ... get it up!

you win the internets

----------

Where are the websites with 2 factor auth?

PayPal google?
Msft doesn't even have 2 factor

My Microsoft account that hosts one of my domains, does have two way. Loads into the Google Auth app.
Score: 1 Votes (Like | Disagree)

Top Stories

Flat 2021 MacBook Pro Mockup Feature

Unreleased Apple Macs and Apple Watches Listed in Eurasian Database Ahead of Fall Product Launches

Monday August 2, 2021 9:34 am PDT by
Apple is preparing for a slew of fall product launches according to new filings that showed up today in the Eurasian Economic Commission database. There are listings for new Mac and Apple Watch models, all of which have previously unknown model identifiers that indicate that they're upcoming devices. There are six new Apple Watch identifiers, including A2473, A2474, A2475, A2476, A2477, and...
ifixit iphone12 mini

Apple to Make Space for Larger Batteries in iPhones, iPads, and MacBooks By Adopting Slimmer Peripheral Chips

Monday August 2, 2021 2:12 am PDT by
For future iPhones, iPads, and MacBooks, Apple plans to use smaller internal components in an effort to increase the size of the device's battery, according to DigiTimes. Image Credit: iFixit Specifically, Apple plans to "significantly increase the adoption" of IPDs or integrated passive devices for the peripheral chips in its products. These news chips will be slimmer in size and allow for...
Apple Watch 7 Unreleased Feature

Apple Watch Series 7 to Focus on One Major Upgrade

Wednesday August 4, 2021 2:12 am PDT by
The upcoming Apple Watch Series 7 will focus on one important feature in an attempt to tempt existing Apple Watch users that have an older device to upgrade, according to recent reports. Apple may skip adding new health sensors to this year's Apple Watch Series 7 in favor of improving the device's battery life. The company is said to be adopting new double-sided System in Package (SiP)...
magic keyboard touch id

Apple Makes Magic Keyboard With Touch ID Available for Separate Purchase

Tuesday August 3, 2021 5:22 am PDT by
Apple has made the Magic Keyboard with Touch ID, which previously was only available with the purchase of the new 24-inch iMac, available for purchase individually for $149. Apple also retails the Magic Keyboard with Touch ID and a numeric keypad for $179. A standard Magic Keyboard without Touch ID or a numeric keypad is available for $99, and a new Magic Trackpad for $129. One major...
iPhone 13 Wi Fi 6E feature update

Wi-Fi 6E Explained: What It Could Mean for iPhone 13 and Beyond

Monday August 2, 2021 8:00 am PDT by
The iPhone 13 is widely expected to come with Wi-Fi 6E capabilities, and while it may seem rather nuanced to the average consumer, with only improved speeds and being "up to date" in the realm of Wi-Fi technology, it's actually a fairly significant improvement, laying the groundwork for much of what we know the future holds. To truly understand Wi-Fi 6E, MacRumors sat down for an exclusive...
applestoredown

Apple's Online Store Temporarily Down [Update: Back Up]

Tuesday August 3, 2021 4:01 pm PDT by
Apple's online Apple Store is down at the current time, and attempting to access it to make a purchase gives the standard "Be Right Back" message. Given that it's a Tuesday night/afternoon in the United States and we're not expecting any new products this week, it's likely that this is a temporary maintenance outage that is not related to a new product release. The Apple Store app is also...
themorningshowcarrell

Apple Decided Not to Buy Reese Witherspoon's 'Hello Sunshine' Media Company

Monday August 2, 2021 2:02 pm PDT by
Reese Witherspoon's media company "Hello Sunshine" recently courted various buyers, and while Apple was one of parties interested in buying Hello Sunshine, the Cupertino company did not end up going through with the purchase. Hello Sunshine was valued at around $900 million thanks to its involvement in popular series like The Morning Show," "Big Little Lies," and "Little Fires Everywhere,"...
iPhone 13 Dummy Thumbnail 2

Apple Brings China's Luxshare Precision into iPhone 13 Supply Chain to Meet Production Targets

Wednesday August 4, 2021 12:19 am PDT by
Apple is tapping more Chinese suppliers as it seeks to meet ambitious targets for iPhone 13 production, according to a new report by Nikkei Asia. Apple is set to produce between 90 million and 95 million iPhones through January, according to a previous Nikkei report, and China's Luxshare Precision Industry has won 3% of orders away from Taiwanese rivals Foxconn and Pegatron. Luxshare will...
mac pro new graphics

Apple Introduces New High-End Graphics Options for Mac Pro

Tuesday August 3, 2021 7:34 am PDT by
Apple today began offering new high-end graphics upgrade options for both the tower and rack versions of the Mac Pro desktop computer. This comes on the same day that Apple started selling the Magic Keyboard with Touch ID on a standalone basis. As noted by CNN Underscored's Jake Krol, the Mac Pro can now be configured with new AMD Radeon Pro W6800X, W6800X Duo, or W6900X graphics when...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...