Study: 86 percent of websites have weak password policies

eBay, Spotify, and Avast all have reported breaches recently. How can you protect yourself from being hacked?

Beck Diefenbach/Reuters/File
An eBay sign is seen at an office building in San Jose, California May 28, 2014.

We've been calling 2014 the 'Year of the Hack,' but things are getting ridiculous. eBay was hacked just a couple weeks ago, and already two more companies, Spotify and Avast, have reported breaches of their own. If you're like us, you're probably wondering whether any website is secure these days.

However, getting hacked isn't inevitable. Recently, Dashlane, a password management website, conducted a study to find out which companies have the strongest and weakest password policies. We discussed the results of this study with Dashlane's CEO, Emmanuel Schalit, who explained that this information is critical, as hackers are more likely to go after the low-hanging fruit of weak passwords.

A strong password is useless if you use it everywhere

Dashlane CEO Emmanuel Schalit believes that consumers should stop fully relying on websites to protect their data. "What I think consumers should do is to start taking some of their security in their own hands," he said in an interview with DealNews. "When you visit a new site that you don't know and you are going to create an account there, you are going to give them a password. If you give this new website the same password you've been using everywhere else, it's essentially equivalent to giving the keys to your house to someone you've never met."

According to Schalit, hackers "know that most people tend to re-use the same passwords on multiple sites." When you use the same passwords over and over, all it takes is just one hacker getting into just one of those websites for all of your data to become vulnerable. "The consumer should assume that when they create an account on a website that the account could be breached," Schalit warned. "Having strong passwords is good, but it's not the most important thing. The most important thing is to have a different password on each and every website."

86 percent of sites have subpar password policies

Dashlane's latest study comes on the heels of one the site published in February, which found that 64 percent of e-commerce sites had weak password policies. In its most recent study, Dashlane expanded its net, looking at the password security policies of more than 80 of the web's most popular sites for everything from shopping to dating to internet security. The results were shocking: on a scale of -100 to 100, 86 percent of sites failed to earn a passing score of 50.

As was the case with the first study, Apple came out on top with a perfect score of 100. Other high-scoring sites included the Microsoft Store, UPS, Kaspersky Lab, and Target, all of which scored 70 or higher.

However, some popular websites exhibited very weak password security. Among the sites that didn't pass were American Airlines, Expedia, LivingSocial, LinkedIn, and Amazon. The lowest score of all, a -70, went to Match.com.

"These websites are not doing their job," Schalit said. He went on to explain that password management sites, such as Dashlane, can help protect consumers from shoddy password policies by generating random, unique passwords for every site a customer visits. This protects you from hackers because a user with a multitude of unique, strong passwords often isn't worth a hacker's time.

"There are so many easy targets out there. Whenever [a hacker] bumps into a target that is more protected, they will make the rational decision and go to the next one," Schalit explained. "Hackers are professionals, they're not just kids in basements. They are large, well-funded organizations, but they need to spend their resources wisely. And they do that by going after the easy targets."

Marcy Bonebright is a features writer with DealNews.com, where this article first appeared: http://dealnews.com/features/A-Strong-Password-Isnt-Enough-86-of-Sites-Have-Weak-Password-Security-/1059369.html
