NEWS
Apple ID Website Receives 4/5 'Good' Score in Dashlane's 2017 Password Power Rankings
2291
2017-08-11
Posted by 3uTools

Password management app Dashlane has enlisted a group of researchers to assess and rank the password policy and security of 37 consumer and 11 enterprise websites. The study examined five password security criteria to result in a point-based ranking system, with points awarded for the following categories: requiring 8+ characters, needing alphanumeric passwords, including a password strength assessment indicator, passing brute force attack simulations, and supporting 2-factor authentication. 

Based on these data points, the 
Apple ID sign-in page scored a 4/5 and earned a "Good" ranking. Apple passed on all criteria except for the brute force attack test, where researchers said they were never presented with a security warning ("such as a CAPTCHA code or the account automatically locking") after entering incorrect credentials 10 times in a row. Dashlane mentioned that the study was completed during the week of July 5 - July 14, 2017. 

Apple ID Website Receives 4/5 'Good' Score in Dashlane's 2017 Password Power Rankings

"We created the Password Power Rankings to make everyone aware that many sites they regularly use do not have policies in place to enforce secure password measures. It's our job as users to be especially vigilant about our cybersecurity, and that starts with having strong and unique passwords for every account," said Dashlane CEO Emmanuel Schalit. "However, companies are responsible for their users, and should guide them toward better password practices."


Above Apple with perfect scores were GoDaddy, Stripe, and QuickBooks, but at the very low end with a score of 0/5 were Netflix, Pandora, Spotify, Uber, and Amazon Web Services. Dashlane said that in total 46 percent of consumer sites have "dangerously lax" password policies, while 36 percent of enterprise websites face the same issue. 

The researchers said that some of the more troubling findings related to being able to create a password using nothing but the lowercase letter "a" on Amazon, Dropbox, Google, Instagram, LinkedIn, Netflix, Spotify, Uber, and Venmo. The Apple ID sign-in page was one of six sites that did not have a policy to prevent brute force attacks, also including Dropbox, Google, Twitter, Venmo, and Walmart. 

Visit Dashlane's website 
here for more information on the 2017 Password Power Rankings, including a few infographics. Dashlane has performed similar studies of password security policies in years past.


Source: macrumors

Related Articles
Unlikely ‘iPhone SE 2’ with iPhone X Design Surfaces in New Video A New Phishing Attack Could Trick your Apple ID Password It has 423 uncracked Apple devices in Manhattan evidence room Apple's Warranty Coverage Check Website Briefly Demanded Apple ID for Access Apple's iTunes Remote Updated With Two-Factor Authentication Apple’s My Support Page is Back With New Design Apple Email Encourages Trade-in Upgrades to iPhone 7 Ahead of 'iPhone 8' iCloud Users Receive Unexpected Subscription Discontinuation Alerts