Time and again we've been reminded that we, as a society, pretty much suck at choosing passwords. It doesn't help that companies allow weak passwords to be created and have poor policies. Dashlane reports on how the top 100 online sites fare when it comes to ensuring secure passwords.


The ranking is based on whether sites require a password length of at least 8 characters and a mix of letters, numbers, and symbols; block account access after four failed login attempts; and offer password advice and strength meters. Dashlane also evaluated the sites on things like whether they accept "password" as a password and whether they send password change confirmation emails.


As Ars Technica notes, some of those requirements are iffy and some important security criteria were left out of the analysis. For example, password strength meters often give users a false sense of security. Meanwhile, behind-the-scenes info like how the passwords are stored in the companies' databases is left out.

Still, the report is telling—and, in some cases, alarming. Apple tops the "most secure" list, along with Newegg, Microsoft, Chegg, and Target. At the bottom are sites like Toys R Us, J. Crew, and 1-800-Flowers.com—which email users' passwords in plain text. If you use any of the sites on the "least secure" side, it's just another reminder to use unique passwords for all sites and to make your password as strong as you're allowed—in addition to following other security best practices.


Here's Dashlane's infographic on the subject.


See Dashlane's press release for the full report.

The Illusion of Personal Data Security in E-Commerce: Dashlane Q1 2014 Personal Data Security Roundup (PDF) | Dashlane