Password management company LastPass has compared ten web retail companies based on several user security rules.

LastPass comes up with a list of "naughty" and "nice" based on total scores in the comparison (see their infographic below for the cute version of the summary) but the detailed results clarify some of the distinctions.

Here are the detailed results. The full LastPass table includes explanations for the individual scores, each of which is out of a possible ten.

Retailer Password Requirement Passwiord Strength Security Questions Specific Questions HTTPS Amount of data stored Total Apple App Store 7 0 10 10 10 5 42 eBay 7 0 8 10 10 3 38 Macy's 5 0 10 10 10 3 38 Best Buy 7 10 0 0 10 3 30 Target 7 10 0 0 10 3 30 Amazon 5 0 0 0 10 3 18 Walmart 5 0 0 0 10 3 18 Kohl's 5 0 0 0 10 3 18 JCPenny 5 0 0 0 10 3 18 Sears 0 0 0 0 10 3 13

According to LastPass, the retailers chosen are the "top 10 retailers in the US chosen per Top 500 Guide’s Top 500 e-Commerce sites and the National Retail Federation’s Top 100 Retailers."

Password Requirement: The rules for strong passwords. Does the site let you do "asdf" or do they make you use strong passwords?

Password Strength: Does the site tell you how strong the password you chose is?

Security Questions: Does the site ask you for security questrions? How many?

Questions: Are the questions stupid ones?

HTTPS: Does the site force an SSL connection?

Amount of data stored: Is the site storing more information than they should?

Based on the results I see three tiers of sites: Apple, eBay and Macy's are clearly at the top. BestBuy and Target are a step down, and Amazon, Walmart, Kohls, JCPenny and Sears are, as LastPass says, naughty.

The differences are made in the password strength meter, which is what draws BestBuy and Target out of the naughty list, and in the two security question columns. These are what put Apple, eBay and Macy's up top.