In a comprehensive study of the password security policies of 100 e-commerce websites, Apple was the only site to receive a perfect score of 100.

Conducted by password-management company Dashlane (via Ars Technica), the Personal Data Security in E-Commerce Security Roundup [PDF] examined the password policies at various sites using 24 different criteria like acceptance of weak passwords and whether or not entry is blocked after failed attempts.

passwordscores

The roundup assesses the password policies of the top 100 e-commerce sites in the US by examining 24 different password criteria that Dashlane has identified as important to online security, and awarding or docking points depending upon whether a site meets a criterion or not. Each criterion is given a +/- point value, leading to a possible total score between –100 and 100 for each site.

While Apple was the only company to earn a score of 100, other companies, like Microsoft, Newegg, and Target also received high scores while Major League Baseball, Toys R Us and Aeropostale received some of the lowest scores.

The study revealed that 55 percent of online retailers accepted weak passwords like "password" or "123456" and 51 percent made no attempt to block entry after 10 incorrect password entries. 61 percent did not provide advice on how to create a strong password, and 93 percent did not provide an on-screen password strength assessement.

Apple, however, met and exceeded all criteria as the company has notoriously stringent password rules to encourage its users to create strong passwords.

Some retailers may argue that such requirements impede user convenience, but companies such as Apple, arguably the most famous brand on the list, have shown that it is possible to be both secure and successful. In every category we tested, Apple implemented the 4 simple policies and procedures we recommend above. These policies resulted in the company being awarded the only perfect score in the study.

When a new Apple ID account is created, users must have a password with at least eight characters, one lower case letter, one capital letter, and one number. The password cannot contain multiple identical consecutive characters, it can't be a common password, and it can't be the same as the account name.

Apple will also rate passwords as weak, moderate, or strong and it asks users to create security questions as well. When logging in with an Apple ID, three attempts at entering the wrong password will prompt a password reset via security questions or email authentication.

As noted by Ars Technica, while the study looks at several aspects of password management, it does avoid some important criteria such as whether sites allow password entry through unencrypted HTTP password connections or allow resets via security questions.

Top Rated Comments

UnfetteredMind Avatar
129 months ago
C'mon Dicks ... get it up!
Score: 9 Votes (Like | Disagree)
keysofanxiety Avatar
129 months ago
But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

But customisability, guys! You're too locked down! #changingicons
Score: 8 Votes (Like | Disagree)
dannyyankou Avatar
129 months ago
But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

But customisability, guys! You're too locked down! #changingicons

But animated wallpapers are so c00l! Who cares if customization opens up the possibility of battery drain, viruses, and hackers? I want my widgets and Swype keyboard!
Score: 6 Votes (Like | Disagree)
bearda Avatar
129 months ago
This kind of surprises me, as Apple still has no password expiration policy or review of older password requirements. I was kind of surprised to find out one of our test accounts has been running around with a... fairly insecure password for a long time without any prompt to change. It definitely wouldn't pass the new account standards now.
Score: 1 Votes (Like | Disagree)
Menel Avatar
129 months ago
C'mon Dicks ... get it up!

you win the internets

----------

Where are the websites with 2 factor auth?

PayPal google?
Msft doesn't even have 2 factor

My Microsoft account that hosts one of my domains, does have two way. Loads into the Google Auth app.
Score: 1 Votes (Like | Disagree)

Popular Stories

Apple Logo

Apple Discontinued These 5 Products This Year

Monday November 27, 2023 7:03 am PST by
As the end of 2023 nears, now is a good opportunity to look back at some of the devices and accessories that Apple discontinued throughout the year. Apple products discontinued in 2023 include the iPhone 13 mini, 13-inch MacBook Pro, MagSafe Battery Pack, MagSafe Duo Charger, and leather accessories. Also check out our lists of Apple products discontinued in 2022 and 2021. iPhone Mini ...
ios 17 namedrop

Police Departments and News Sites Spreading Misinformation About How iOS 17 NameDrop Feature Works

Monday November 27, 2023 5:11 pm PST by
Apple with iOS 17.1 and watchOS 10.1 introduced a new NameDrop feature that is designed to allow users to place Apple devices near one another to quickly exchange contact information. Sharing contact information is done with explicit user permission, but some news organizations and police departments have been spreading misinformation about how functions. As noted by The Washington Post,...
iOS 17

iOS 17.1.2 Update for iPhone Likely to Be Released This Week

Monday November 27, 2023 8:24 am PST by
Apple will likely release iOS 17.1.2 this week, based on mounting evidence of the software in our website's analytics logs in recent days. As a minor update, iOS 17.1.2 should be focused on bug fixes, but it's unclear exactly which issues might be addressed. Some users have continued to experience Wi-Fi issues on iOS 17.1.1, so perhaps iOS 17.1.2 will include the same fix for Wi-Fi...
Cyber Monday Deals Feature 2022

40+ Apple Cyber Week Deals for AirPods, iPad, Apple Watch, and More

Sunday November 26, 2023 9:47 am PST by
Cyber Week has taken the place of Black Friday, and you'll find some of the same deals still around for the next few days, although many from Black Friday have now expired. This includes dozens of record low prices on Apple products like AirPods, iPad, Apple Watch, MacBook, iPhone, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
General Black Friday Deals 2022 Green

40+ Apple Black Friday Deals Still Available for AirPods, iPhone, iPad and More

Friday November 24, 2023 5:01 am PST by
Black Friday 2023 has officially ended, but we're still tracking some of the best deals of the year on Apple products like AirPods, iPad, iPhone, MacBook, and many more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Specifically, in this article we're...