Sharon Koehler

Artistic Stone Design

Recently, I wrote about security breaches and the need for strong passwords, but have you ever wondered how much help we are getting from the places we visit online? After all, we (the general public) trust the online places we visit with our information. Are they hurting us or helping us? As it turns out, they are doing both. Some sites have gone above and beyond to protect us, and some… well, not so much.

There are five things to consider when creating passwords and trusting online sites.

1.  Do they require a minimum of eight characters for passwords?

Eight words or letters is a minimum length – depending on what you use, the longer, the stronger.

2.  Are alphanumeric passwords allowed and/or required?

Alphanumeric passwords are passwords that contain a combination of numbers and letters, like 1Dog$360.

3.  Does the site give immediate feedback on the strength of your password when you create it? 

When you create your password, the site uses an algorithm, often in a progress bar, to indicate whether your password is weak, medium or strong. Remember, eight words or letters is a minimum length – it can be longer.

4.  Does the site have procedures in place to prevent brute-force logins?

A brute-force login is when someone attempts, either manually or electronically, to “guess” your password over and over again. Many sites now only allow three tries at logging in. After that, the site locks you out and you’ll have to contact them through email or customer service to reset your password.

5.  Does the site offer a two-step or multi-step authentication procedure?

The most common example of this is your bank, and ATMs. With an ATM, you need a keycard and a PIN. When I log onto my bank’s site I need my account number, plus my PIN number AND I also have to answer a security question.
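For readers curious about what criteria 1 through 4 look like on the site's side, here is an added example in Python. It is not from the study or from any site named in this article, and the strength thresholds, the `Account` class and its method names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8     # criterion 1: minimum of eight characters
MAX_FAILURES = 3   # criterion 4: "three tries", as described above

def strength(password):
    """Criteria 1-3: the feedback a strength meter would show (assumed thresholds)."""
    has_letter = re.search(r"[A-Za-z]", password) is not None
    has_digit = re.search(r"[0-9]", password) is not None
    has_symbol = re.search(r"[^A-Za-z0-9]", password) is not None
    if len(password) < MIN_LENGTH or not (has_letter and has_digit):
        return "weak"      # too short, or not alphanumeric
    if len(password) >= 12 or has_symbol:
        return "strong"    # longer is stronger; a symbol also helps
    return "medium"

class Account:
    """Hypothetical site-side account record with lockout."""
    def __init__(self, password):
        self.set_password(password)

    def set_password(self, password):
        if strength(password) == "weak":
            raise ValueError("password too short or not alphanumeric")
        self.salt = os.urandom(16)
        self.digest = self._hash(password)  # store a salted hash, never the password
        self.failures = 0
        self.locked = False

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, attempt):
        if self.locked:
            return "locked"                 # even the right password is refused now
        if hmac.compare_digest(self._hash(attempt), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True              # third wrong guess locks the account
            return "locked"
        return "denied"

    def reset(self, new_password):
        """Stands in for the e-mail or customer-service reset."""
        self.set_password(new_password)
```

A hard lockout like this also means anyone who knows your username can lock you out with three wrong guesses, which is why some sites slow down repeated attempts instead of locking the account.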

Who Gets It Right?

There have been some studies, and you might be surprised at how some of the most visited sites ended up in the rankings. At the very top, meaning they are the most secure, are GoDaddy, QuickBooks and Stripe. It’s a good thing too, because GoDaddy is the keeper of e-mails and websites, among other things. QuickBooks and Stripe are both sites that retain huge amounts of sensitive financial data. All three of these companies have all five of the password criteria and safeguards in place.

It’s surprising that more sites aren’t at the top, but there are a bunch that almost are, meaning they have four out of the five procedures or safeguards in place. These include, but are not limited to, Basecamp, Apple, Best Buy, Home Depot, PayPal, Skype, Microsoft, Toys R Us and Tumblr. As you can see, these are all very popular sites that thousands if not millions of people use.

There are many sites that scored in the middle of the road, with three out of five procedures or safeguards in place. Now, that doesn’t mean they are bad. You just need to be a little more cautious about your password with these sites.

The sites that scored three out of five in the study include, but are not limited to, Airbnb, Facebook, Google, Target, Staples, Yahoo and Mailchimp. Again, these are popular sites that a lot of people use on a daily basis.

Truthfully, it’s the next ranking that shocked me. These sites only scored two out of five and there are some big names on it. Amazon (that was a shocker), eBay, LinkedIn and Twitter all only have two safeguards in place for password protection. Amazon has two-step authentication and they have brute-force login attempt protection. Twitter has alphanumeric passwords and two-step authentication. The steps these sites have in place do vary, but could be much stronger.

This next category is just scary, because these popular sites only have one safeguard or procedure in place, and there are some GIANT names on it. Macy’s, Pinterest and Walmart made the list of having only one safeguard. Walmart only has two-step authentication. Macy’s only has brute-force login protection. Be very vigilant about the passwords you create for these types of sites.

The Worst Offenders

These last sites have NO safeguards in place to protect you, and again there are some big names on it. Spotify, Netflix, Pandora and Uber all made the list of ZERO protection. So these sites leave it all up to you to protect yourself. 

What the study found is that the online companies where we shop and do banking and financial transactions are all over the place on the subject of online security. You need to protect yourself and your information and not just trust that they are doing it for you. Some are vigilant, but don’t find out the hard way that some aren’t.

Please send your thoughts on this article to Sharon Koehler at Sharon@asdrva.rocks.