With the holidays just around the corner, Cyber Monday is a great opportunity to knock out your holiday shopping list, but at what cost? We did some investigating into the top e-retailers to see which sites make protecting your online information a priority so that gift shopping doesn’t cost you more than it should this holiday season.
We identified the top e-retailers based on e-commerce sales in 2015 and analyzed each website on a set of six criteria. Each criterion was then ranked on a scale of 0 to 10 points, depending on how well it was met. Each retailer then received an overall ranking based on its password requirements, how much information it stores, and how much effort it puts into helping customers follow good password security practices. Check out the results in the infographic below.
- The more password requirements, the better. By now we all know we need to have strong, unique passwords for every account. Still, it can be easy to just pick a simple, easy-to-remember password when you’re racing to the checkout. In our recent survey that looked at the psychology of password behavior, we found that only 43 percent of people prioritize their retail accounts when it comes to creating strong passwords. It’s always a good sign when a website requires you to include a variety of uppercase and lowercase letters, numbers and symbols. Bonus points if it allows or requires a long password (for instance, at least 20 characters).
- Password strength meter is a plus. All top five e-retailers offer a password strength meter, so you know just how strong your password is. Looking for a second opinion? Take the security challenge in your LastPass vault and see not only how strong your password is but how similar it may be to other account passwords you have.
- Avoid saving too much information in your profile. Having your address, credit card information, billing and shipping information saved in your online account makes online shopping more convenient for consumers, but it can also make stealing information more convenient for hackers. The less information you save in your shopping accounts, the less information a hacker gains access to in the event of a breach.
- Offering two-factor authentication. Surprisingly, we found that none of the websites we researched readily offered two-factor authentication, which means that even the most secure websites have not yet adopted some of the additional layers of security that are available today. When setting up an online account with an e-retailer (or any website), be sure to check the security settings and set up two-factor authentication whenever possible.
How’d We Get These Results?
The study was conducted by LastPass in October 2016. We compared the websites of the top 25 online retailers in the US in 2015 based on total e-commerce sales as reported by eMarketer. Each site was analyzed based on a set of six criteria, with a scale of 0 to 10 points based on whether the criteria were met, and how well they were met. We tested password requirements, including the minimum and maximum number of characters allowed and the variety of character types allowed; whether these requirements were shown up front for the consumer; whether the websites employed a password strength meter to encourage longer passwords; use of security questions, and the obscurity of the questions asked; whether HTTPS is used when any information is entered; how much personal information is collected (name, birthday, address, email, phone); how accessible that data is when you’re logged in; and whether payment information is stored in the online account, and how accessible that is when you’re logged in. The top retailers were ranked with scores from highest to lowest.