Password management app Dashlane has enlisted a group of researchers to assess and rank the password policy and security of 37 consumer and 11 enterprise websites. The study examined five password security criteria to result in a point-based ranking system, with points awarded for the following categories: requiring 8+ characters, needing alphanumeric passwords, including a password strength assessment indicator, passing brute force attack simulations, and supporting 2-factor authentication.

Based on these data points, the Apple ID sign-in page scored a 4/5 and earned a "Good" ranking. Apple passed on all criteria except for the brute force attack test, where researchers said they were never presented with a security warning ("such as a CAPTCHA code or the account automatically locking") after entering incorrect credentials 10 times in a row. Dashlane mentioned that the study was completed during the week of July 5 - July 14, 2017.

apple passwords id login

"We created the Password Power Rankings to make everyone aware that many sites they regularly use do not have policies in place to enforce secure password measures. It's our job as users to be especially vigilant about our cybersecurity, and that starts with having strong and unique passwords for every account," said Dashlane CEO Emmanuel Schalit. "However, companies are responsible for their users, and should guide them toward better password practices."

Above Apple with perfect scores were GoDaddy, Stripe, and QuickBooks, but at the very low end with a score of 0/5 were Netflix, Pandora, Spotify, Uber, and Amazon Web Services. Dashlane said that in total 46 percent of consumer sites have "dangerously lax" password policies, while 36 percent of enterprise websites face the same issue.

The researchers said that some of the more troubling findings related to being able to create a password using nothing but the lowercase letter "a" on Amazon, Dropbox, Google, Instagram, LinkedIn, Netflix, Spotify, Uber, and Venmo. The Apple ID sign-in page was one of six sites that did not have a policy to prevent brute force attacks, also including Dropbox, Google, Twitter, Venmo, and Walmart.

Visit Dashlane's website here for more information on the 2017 Password Power Rankings, including a few infographics. Dashlane has performed similar studies of password security policies in years past.

Top Rated Comments

gsmornot Avatar
88 months ago
I use a few sites that limit my password to 10 characters. They should call them out.
Score: 9 Votes (Like | Disagree)
justperry Avatar
88 months ago
Captcha should be renamed to Crapcha, worthless piece of crap, I had serious issues registering on a few websites due to this Crapcha, nowadays it tends to give you a picture with grids, next you have to pick some which have certain 'things' in it like cars or shops, they are Crap too, sometimes it takes a minute to complete.


Anyone not using 2 factor authentication is basically inviting people to take their personal information.
Erm, No, it (also) depends on the websites they visit, you could avoid them but I am pretty sure some people need to be on those sites, for instance job related.
Score: 6 Votes (Like | Disagree)
dampfnudel Avatar
88 months ago
In fairness Apple are very good at not allowing unauthorised people into your account as I've learned myself. Some person whom I don't know tried to enter my password several times without success, blocking the account. I didn't have security remedies setup so I lost my account.... Oh well, now I use 2 factor authentication for all my major accounts. Happy days.
Anyone not using 2 factor authentication is basically inviting people to take their personal information.
Score: 4 Votes (Like | Disagree)
ChrisA Avatar
88 months ago
Ten attempts is not "brute force". Brute force attacks typically require hundreds of thousands or millions of attempts. And there are ways of preventing them that don't annoy users. The simplest one is to simply not prpcesspasswords really fast. Make shure it takes at least 5 or 10 second before saying "wrong, try again". When limited to only one try every 5 seconds brute force could take years.
Score: 3 Votes (Like | Disagree)
DCYorke Avatar
88 months ago
Captcha is hardly needed when 2FA is enabled and it's just a pain for everyone, they shouldn't've lost points for that one. However, requiring a number should not be seen as increased security, especially when apple doesn't allow "correct horse battery staple" type passwords. It'd be much better to allow long passwords with spaces than to require numbers to be added.
Score: 3 Votes (Like | Disagree)
justperry Avatar
88 months ago
Not a bad rating at all considering some celebrities got their iCloud accounts nt compromised. Kudos to Apple for doing a great job!
Because those celebs used easy to guess passwords or something else THEY did, it wasn't Apple's servers or software that got compromised.
Score: 2 Votes (Like | Disagree)

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
iPad And Calculator App Feature

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...