Your Internet passwords stink, but it’s not (completely) your fault

This post comes from Sean T. Johnston at our partner site Zing.

If you’re like most Americans, you probably don’t pay much attention to creating impenetrable passwords for your online accounts. According to Splashdata, an online password provider, the top online passwords are just terrible from a security standpoint.

The good news is that “password” is no longer the number one password online (it’s now number two!). The bad news is that “123456” took the top spot; “abc123” and “111111” were also among the top 10.

C’mon people, really? Your financial information, emails and personal data are online, and the only thing protecting your information from people with nefarious intentions is “123456”?

Do yourself a favor and take a look at this list of the most common passwords in 2013. If anything looks familiar, you should follow these tips to create more secure ones.

Now that we’ve addressed your terrible passwords, let’s talk about the websites that allow them. In fairness, they should know better than to let a flimsy string of sequential numbers be the only layer of password cyber security for their customers.

According to a recent study by Dashlane, a password management application, not all online companies have the same commitment to ensuring their clients create rock-solid passwords. The Dashlane study scored many leading websites on their password policies. You can read the full study here, or a summary on Gizmodo.

Key Points from the Dashlane Study

  • Over half of the 100 largest e-retailers still accept weak passwords like “abc123” and “123456”.
  • Over half of the websites tested do not block entry to an account after 10 incorrect password attempts.
  • 61% of the websites don’t offer any assistance to new registrants in creating secure passwords.
  • Only 10% of the online retailers tested met Slashdata’s criteria for “good password policies,” a score of 45 or above.
  • Eight sites tested send passwords in plain text via email, which is widely considered among Internet security experts to be a bad idea.

Only one major online retailer, Apple, scored a perfect 100 in the Slashdata study, while several major websites were in negative territory. Amazon, Overstock and Office Depot were among those with low security scores.

The Fix is Simple

The problem is clear, but what would it take to solve it? According to the study, there are four things online retailers can do to improve their security policies:

  • Require that all passwords contain at least eight characters with a combination of upper and lowercase letters, numbers and special characters.
  • Block account access attempts after four failed password entries.
  • Give users on-screen advice for creating secure passwords when they sign up.
  • Assess the strength of passwords as users are creating them.
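
The four recommendations above, sketched as an added example (not code from the Dashlane study or from any retailer): a sign-up check that returns on-screen hints, and a guard that blocks an account after four failed entries. The names `password_problems` and `LoginGuard` are hypothetical, the common-password set holds only the entries this article names, and the lockout has no expiry or unlock path.

```python
import string

# Only the weak passwords this article names; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"password", "123456", "abc123", "111111"}
MIN_LENGTH = 8
MAX_FAILURES = 4  # block after four failed entries, per the study's recommendation


def password_problems(candidate):
    """Return a list of on-screen hints; an empty list means the policy is met."""
    problems = []
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("this is one of the most common passwords")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"use at least {MIN_LENGTH} characters")
    checks = [
        (str.isupper, "add an uppercase letter"),
        (str.islower, "add a lowercase letter"),
        (str.isdigit, "add a number"),
        (lambda ch: ch in string.punctuation, "add a special character"),
    ]
    for predicate, hint in checks:
        if not any(predicate(ch) for ch in candidate):
            problems.append(hint)
    return problems


class LoginGuard:
    """Counts consecutive failed logins per account and blocks after MAX_FAILURES."""

    def __init__(self):
        self.failures = {}

    def is_locked(self, account):
        return self.failures.get(account, 0) >= MAX_FAILURES

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account):
            return "locked"  # even a correct password is refused once locked
        if password_ok:
            self.failures.pop(account, None)  # success resets the counter
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "failed"
```

Calling `password_problems` on each keystroke covers both the on-screen advice and the strength assessment, since the returned hints shrink as the password improves.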

When it comes to lax password security, it’s clear that there’s work to be done on both sides of the equation. We, as consumers, need to put a little more attention into creating secure passwords than we currently do. On the other hand, several major Internet retailers clearly need to beef up their policies and stop enabling us to create lazy passwords.

Or, we can just wait until alpha-numeric passwords are obsolete. That day is not too far off, either.


2 Responses to “Your Internet passwords stink, but it’s not (completely) your fault”

  1. Anonymous

    I use strong passwords for anything important. My KeePass program generates many-character gobbledygook passwords. Online sites, of course, would prefer that we use strong passwords. However, some of them do an annoying thing: their webpages won’t take copied and pasted or dragged passwords, forcing one to actually type them. If I have a password like E/95F’A9Dsw6_eP\ I’m not going to be very happy if I have to type it and am going to change it to something much easier. Come on, companies, allow us to paste passwords in if you want us to use strong ones.

  2. Anonymous

    I use strong passwords on sites that have my personal data, but it seems like every darn site wants me to register with a password, so for basic sites (like this one, if it required me to sign in to read posts), I use one of five very, very basic passwords.

    When I see posts like this, I wonder how many of the bad passwords are for sites that, say, offer coupons to print out versus banking sites or even retailers, and how much that skews the data since I’m sure I’m not the only one who does this.
