Dashlane: Security Still a Problem for Many Websites After Heartbleed
Dashlane said many of the world's most popular websites did not implement standard security practices after the Heartbleed vulnerability was discovered last month.
Dashlane, a company that provides a digital wallet and password manager, reported many of the world’s most popular websites left consumer data exposed after the Heartbleed security vulnerability was discovered last month.
Several of the world’s most popular websites did not implement even the bare minimum standard security practices after the Heartbleed vulnerability was reported, according to the new Dashlane Security Roundup.
Apple (AAPL) was the only company to receive a perfect security score from Dashlane.
Antivirus software providers Kaspersky Lab, McAfee (MFE) and Norton earned positive marks, while AVG (AVG), Avira and Bitdefender received negative scores, Dashlane said.
Other Dashlane findings included:
86 percent of websites did not meet the threshold for adequate password policies (a score of +50).
53 percent of the sites received negative scores.
51 percent did not lock accounts after 10 incorrect password attempts.
48 percent allowed users to use “password” as their password.
“Our study found a clear and direct correlation between a website’s password requirements and the average strength of a user’s password. Sites that require more complex passwords have users with greater password strength. Passwords are the first line of defense in protecting private personal and financial information on the Web, and weak password requirements end up leaving all of us more exposed,” Dashlane CEO Emmanuel Schalit said in a prepared statement.
Dashlane said users’ password strength correlated to a website’s security score, and “tougher password requirements meant stronger and more secure passwords.”
The company offered the following recommendations for websites that want to improve their password security policies:
Do not accept the 10 worst passwords on the Web.
Do not allow login attempts after 10 incorrect password tries.
Send email confirmations for password changes.
Require a minimum password length of 8 characters.
Require alphanumeric and case-sensitive passwords.
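The five recommendations above can be enforced server-side in a few dozen lines. The sketch below is an added example, not code from Dashlane or its study; the denylist entries, the `AccountGuard` class and its `verify`/`notify` callbacks are hypothetical, and "alphanumeric and case-sensitive" is read here as requiring a digit plus both upper- and lowercase letters.

```python
import re

# Constructed sample denylist: the page does not enumerate the "10 worst passwords".
DENYLIST = {"password", "123456", "12345678", "qwerty", "abc123"}
MIN_LENGTH = 8      # minimum length from the recommendations
MAX_FAILURES = 10   # lock after 10 incorrect attempts


def policy_violations(password):
    """Return the recommendations a candidate password breaks (empty = acceptable)."""
    problems = []
    if password.lower() in DENYLIST:
        problems.append("denylisted")
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # Assumed reading of "alphanumeric and case-sensitive":
    # at least one digit, one lowercase and one uppercase letter.
    if not re.search(r"\d", password):
        problems.append("no_digit")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("not_mixed_case")
    return problems


class AccountGuard:
    """Hypothetical wrapper: lockout counter plus change notification."""

    def __init__(self, verify, notify):
        self.verify = verify    # callable(user, password) -> bool
        self.notify = notify    # callable(user, message), e.g. an e-mail sender
        self.failures = {}      # user -> consecutive failed attempts

    def login(self, user, password):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"     # refuse before the password is even checked
        if self.verify(user, password):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

    def change_password(self, user, new_password):
        # Storing the new credential is left to the caller; this only gates and notifies.
        problems = policy_violations(new_password)
        if not problems:
            self.notify(user, "Your password was changed.")
        return problems
```

Once an account reaches 10 failures, even the correct password returns `locked`, so a real deployment also needs an unlock path such as a timed reset or an e-mail link.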
Dashlane evaluated over 80 of the Web’s most popular sites in the security roundup, and the full study results are available here.