We analyzed each website on a set of 6 criteria, on a scale of 0 to 10 points for each depending on how well those criteria were met. Each retailer then received a total out of 60 points based on their password requirements, how much information they store, and how much effort they put into helping customers follow good password security practices.
See our results in the infographic below, and follow our do's and don'ts for keeping your data safe this holiday season:
The study was conducted by LastPass in November 2014. We compared the websites of the top 10 retailers in the US chosen per Top 500 Guide’s Top 500 e-Commerce sites and the National Retail Federation’s Top 100 Retailers.
Each site was analyzed based on a set of 6 criteria, with a scale of 0 to 10 points based on whether the criteria were met, and how well they were met. We tested password requirements, including minimum and maximum number of characters allowed & variety of character types allowed.; whether these requirements were shown up front for the consumer; if the websites employed a password strength meter to encourage longer passwords; use of security questions, and the obscurity of the questions asked; whether HTTPS is used when any information is entered; how much personal information is collected (name, birthday, address, email, phone); how accessible that data was when you’re logged in; and whether payment information is stored in the online account, and how accessible that is when you’re logged in (ie were only the last four digits revealed, or was the full card number accessible in plain text). See the full scoring table here.