[INFOGRAPHIC] Best & Worst Online Retailers for Account Security This Holiday Shopping Season

With the holidays just around the corner, Cyber Monday is a great opportunity to knock out your holiday shopping list, but at what cost? We did some investigating into the top e-retailers to see which sites make protecting your online information a priority so that gift shopping doesn’t cost you more than it should this holiday season.

We identified the top e-retailers based on e-commerce sales in 2015 and analyzed each website on a set of six criteria. The criteria was then ranked on a scale of 0 to 10 points, depending on how well those criteria were met. Each retailer then received an overall ranking based on their password requirements, how much information they store, and how much effort they put into helping customers follow good password security practices. Check out the results in the infographic below.

cybermondaygraphicSo what makes some online retailers more secure than others? Below are a few things to look for to help you determine which sites are more likely to keep your information safe.

  • The more password requirements, the better. By now we all know we need to have strong, unique passwords for every account. Still, it can be easy to just pick a simple, easy-to-remember password when you’re racing to the checkout. In our recent survey that looked at the psychology of password behavior, we found that only 43 percent of people prioritize their retail accounts when it comes to creating strong passwords. It’s always a good sign when a website requires you to include a variety of uppercase and lowercase letters, numbers and symbols. Bonus points if it allows or requires a long password (for instance, at least 20 characters).
  • Password strength meter is a plus. All top five e-retailers offer a password strength meter, so you know just how strong your password is. Looking for a second opinion? Take the security challenge in your LastPass vault and see not only how strong your password is but how similar it may be to other account passwords you have.
  • Avoid saving too much information in your profile. Having your address, credit card information, billing and shipping information saved in your online account makes online shopping more convenient for consumers, but it can also make stealing information more convenient for hackers. The less information you save in your shopping accounts; the less information a hacker gains access to in the event of a breach.
  • Offering two-factor authentication. Surprisingly, we found that none of the websites we researched readily offered two-factor authentication, which means that even the most secure websites have not yet adopted some of the additional layers of security that are available today. When setting up an online account with an e-retailer (or any website), be sure to check the security settings and set up two-factor authentication whenever possible.

How’d We Get These Results?

The study was conducted by LastPass in October 2016. We compared the websites of the top 25 online retailers in the US in 2015 based on total e-commerce as reported by eMarketer. Each site was analyzed based on a set of six criteria, with a scale of 0 to 10 points based on whether the criteria were met, and how well they were met. We tested password requirements, including minimum and maximum number of characters allowed & variety of character types allowed; whether these requirements were shown up front for the consumer; if the websites employed a password strength meter to encourage longer passwords; use of security questions, and the obscurity of the questions asked; whether HTTPS is used when any information is entered; how much personal information is collected (name, birthday, address, email, phone); how accessible that data was when you’re logged in; and whether payment information is stored in the online account, and how accessible that is when you’re logged in. The top retailers were ranked with scores from highest to lowest.



  • Steve K says:

    it would be nice to know how securely they are storing info in the backend.

  • Anderson says:

    Online shopping is easier for the customers but some online shopping websites are not secure. No matter which device you use and which website you surf, phone numbers are disposable for online shopping. You may get endless advertising messages from time to time and wonder how can others get your phone number. Sign up with phone numbers on websites can be a reason for revealing. If the website was hacked, your phone number would fall into offenders’ hands. They can trace your private information like ID number, back account… Isn’t that shocking? Everything of what you have can be robbed without knowledge. Thant is why we should use secure websites that allow multi-level authentication to keep our personal data secure.

  • Angel says:

    My e-mail doesn’t work at time.