Your Favorite Websites Have A Password Problem

A new post-Heartbleed study shows that 86% of the web's top sites have "subpar password security policies."

Posted on May 20, 2014, at 5:43 p.m. ET

It's no secret that the internet has a serious password problem. Much of the time, we, the users, are at fault; generally speaking, we're still prone to using lazy phrases like "123456" and "password" to secure our personal information. Equally important, though, are the password security policies of the internet's individual sites; there's no standard practice for securing information from site to site, leaving some more vulnerable than others to breaches. And now, according to a new survey from the password management company Dashlane, many prominent sites that routinely collect consumer data have dangerously lax password requirements in place.

According to the study, which used 22 password criteria to judge 80 top websites, more than 86% received a "subpar" score of below +50, the study's minimum requirement for password security. Of the sites surveyed, Hulu, Overstock, Fab, and Amazon posted the lowest scores for accepting weak and generic passwords. Apple (the only company to receive a perfect score), Microsoft, UPS, Target, GoDaddy, and Yahoo Mail were among the highest for including on-screen password strength, disallowing generic passwords, and requiring long, alphanumeric phrases.

While by no means a comprehensive measure of website security, the results paint a concerning picture for the already-flawed password infrastructure. The study, which was conducted after numerous high-profile security breaches like last month's Heartbleed bug (which was thought to affect up to two-thirds of the internet), showed that major sites that collect personal information like LinkedIn, Evernote, Amazon, and Dropbox fall short of asking for the most basic password requirements.

As many security experts will note, the password is a deeply imperfect security method, and there's no permanent solution in sight. Back in April, 1Password's Dave Chartier told BuzzFeed the "biggest obstacle is probably human behavior — the sheer desire to do things we're not interested in in the shortest time possible." With that in mind, it's time more sites stepped up to help save us from ourselves.