Study: 86 percent of websites have weak password policies

eBay, Spotify, and Avast all have reported breaches recently. How can you protect yourself from being hacked?

Beck Diefenbach/Reuters/File
An eBay sign is seen at an office building in San Jose, California May 28, 2014.

We've been calling 2014 the 'Year of the Hack,' but things are getting ridiculous. eBay was hacked just a couple weeks ago, and already two more companies, Spotify and Avast, have reported breaches of their own. If you're like us, you're probably wondering whether any website is secure these days.

However, getting hacked isn't inevitable. Recently, Dashlane, a password management website, conducted a study to find out which companies have the strongest and weakest password policies. We discussed the results of this study with Dashlane's CEO, Emmanuel Schalit, who explained that this information is critical, as hackers are more likely to go after the low-hanging fruit of weak passwords.

A strong password is useless if you use it everywhere

Dashlane CEO Emmanuel Schalit believes that consumers should stop fully relying on websites to protect their data. "What I think consumers should do is to start taking some of their security in their own hands," he said in an interview with DealNews. "When you visit a new site that you don't know and you are going to create an account there, you are going to give them a password. If you give this new website the same password you've been using everywhere else, it's essentially equivalent to giving the keys to your house to someone you've never met."

According to Schalit, hackers "know that most people tend to re-use the same passwords on multiple sites." When you use the same passwords over and over, all it takes is just one hacker getting into just one of those websites for all of your data to become vulnerable. "The consumer should assume that when they create an account on a website that the account could be breached," Schalit warned. "Having strong passwords is good, but it's not the most important thing. The most important thing is to have a different password on each and every website."

86 percent of sites have subpar password policies

Dashlane's latest study comes on the heels of one the site published in February, which found that 64 percent of e-commerce sites had weak password policies. In its most recent study, Dashlane expanded its net, looking at the password security polices of more than 80 of the web's most popular sites for everything from shopping to dating to internet security. The results were shocking: on a scale of -100 to 100, 86 percent of sites failed to earn a passing score of 50.

As was the case with the first study, Apple came out on top with a perfect score of 100. Other high-scoring sites included the Microsoft Store, UPS, Kaspersky Lab, and Target, all of which scored 70 or higher.

However, some popular websites exhibited very weak password security. Among the sites that didn'tpass were American Airlines, Expedia, LivingSocial, LinkedIn, and Amazon. The lowest score of all, a -70, went to

"These websites are not doing their job," Schalit said. He went on to explain that password management sites, such as Dashlane, can help protect consumers from shoddy password policies by generating random, unique passwords for every site a customer visits. This protects you from hackers because a user with a multitude of unique, strong passwords often isn't worth a hacker's time.

"There are so many easy targets out there. Whenever [a hacker] bumps into a target that is more protected, they will make the rational decision and go to the next one," Schalit explained. "Hackers are professionals, they're not just kids in basements. They are large, well-funded organizations, but they need to spend their resources wisely. And they do that by going after the easy targets."

Marcy Bonebright is a features writer with, where this article first appeared:

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.