Which e-retailers have good user security?

Some web sites have better password rules than others, and some collect more information. The best is Apple, the worst is Sears.

Password management company LastPass has compared ten web retail companies based on several user security rules.

LastPass sorts the retailers into "naughty" and "nice" lists based on their total scores in the comparison (see their infographic below for the cute version of the summary), but the detailed results clarify some of the distinctions.

Here are the detailed results. The full LastPass table includes explanations for the individual scores, each of which is out of a possible ten.

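| Retailer | Password Requirement | Password Strength | Security Questions | Specific Questions | HTTPS | Amount of data stored | Total |
|---|---|---|---|---|---|---|---|
| Apple App Store | 7 | 0 | 10 | 10 | 10 | 5 | 42 |
| eBay | 7 | 0 | 8 | 10 | 10 | 3 | 38 |
| Macy's | 5 | 0 | 10 | 10 | 10 | 3 | 38 |
| Best Buy | 7 | 10 | 0 | 0 | 10 | 3 | 30 |
| Target | 7 | 10 | 0 | 0 | 10 | 3 | 30 |
| Amazon | 5 | 0 | 0 | 0 | 10 | 3 | 18 |
| Walmart | 5 | 0 | 0 | 0 | 10 | 3 | 18 |
| Kohl's | 5 | 0 | 0 | 0 | 10 | 3 | 18 |
| JCPenney | 5 | 0 | 0 | 0 | 10 | 3 | 18 |
| Sears | 0 | 0 | 0 | 0 | 10 | 3 | 13 |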

According to LastPass, the retailers chosen are the "top 10 retailers in the US chosen per Top 500 Guide’s Top 500 e-Commerce sites and the National Retail Federation’s Top 100 Retailers."

  • Password Requirement: The rules for strong passwords. Does the site let you use "asdf", or does it make you use a strong password?
  • Password Strength: Does the site tell you how strong the password you chose is?
  • Security Questions: Does the site ask you for security questions? How many?
  • Questions: Are the questions stupid ones?
  • HTTPS: Does the site force an SSL connection?
  • Amount of data stored: Is the site storing more information than they should?

Based on the results I see three tiers of sites: Apple, eBay and Macy's are clearly at the top. Best Buy and Target are a step down, and Amazon, Walmart, Kohl's, JCPenney and Sears are, as LastPass says, naughty.

The differences come from the password strength meter, which is what lifts Best Buy and Target off the naughty list, and from the two security question columns, which are what put Apple, eBay and Macy's up top.

[Infographic: LastPass "naughty" and "nice" retailer summary]

 
