A study by Dashlane has found that many consumer and enterprise sites fail to implement basic password security requirements.
Popular sites – including Dropbox, Netflix, Pandora, DocuSign, and Amazon – were among the culprits.
The study – conducted by Dashlane from 5-14 July – assessed each site against the following criteria:
- Does the site require at least 8 characters in a password?
- Does the site allow repeated numbers/letters without an alphanumeric mix? Example: “aaaaaa”.
- Does the site provide a “password strength indicator”?
- Does the site allow brute-force attacks – continual entry of incorrect credentials without a lockout/CAPTCHA requirement?
- Does the site support 2-factor or multi-factor authentication?
The tests found that the following sites scored full marks when it came to ensuring users created a strong password:
Sites which scored poorly included: