Apple Password Management Ranked Most Secure Out of 100 E-Commerce Websites

Discussion in 'iOS Blog Discussion' started by MacRumors, Jan 24, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    In a comprehensive study of the password security policies of 100 e-commerce websites, Apple was the only site to receive a perfect score of 100.

    Conducted by password-management company Dashlane (via Ars Technica), the Personal Data Security in E-Commerce Security Roundup [PDF] examined the password policies at various sites using 24 different criteria like acceptance of weak passwords and whether or not entry is blocked after failed attempts.

    While Apple was the only company to earn a score of 100, other companies, like Microsoft, Newegg, and Target also received high scores while Major League Baseball, Toys R Us and Aeropostale received some of the lowest scores.

    The study revealed that 55 percent of online retailers accepted weak passwords like "password" or "123456" and 51 percent made no attempt to block entry after 10 incorrect password entries. 61 percent did not provide advice on how to create a strong password, and 93 percent did not provide an on-screen password strength assessment.

    Apple, however, met and exceeded all criteria as the company has notoriously stringent password rules to encourage its users to create strong passwords.
    When a new Apple ID account is created, users must have a password with at least eight characters, one lower case letter, one capital letter, and one number. The password cannot contain multiple identical consecutive characters, it can't be a common password, and it can't be the same as the account name.

    Apple will also rate passwords as weak, moderate, or strong and it asks users to create security questions as well. When logging in with an Apple ID, three attempts at entering the wrong password will prompt a password reset via security questions or email authentication.

    As noted by Ars Technica, while the study looks at several aspects of password management, it does avoid some important criteria such as whether sites allow password entry through unencrypted HTTP password connections or allow resets via security questions.

    Article Link: Apple Password Management Ranked Most Secure Out of 100 E-Commerce Websites
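
The Apple ID rules described in the article above, written as a checker together with the three-attempt reset trigger (an added example, not Apple's or Dashlane's code). The deny-list is a constructed sample, `policy_violations` and `LoginGuard` are hypothetical names, and `max_run` is an assumption because the article gives no number for the consecutive-character rule.

```python
import re

# Constructed sample deny-list; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}

def policy_violations(password, account_name, max_run=2):
    """Return the rules (as listed in the article) that the password breaks.

    max_run is an assumption: the article says only "multiple identical
    consecutive characters", so the longest allowed run is a parameter.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    # (.)\1{n} matches a character followed by n copies of itself: a run of n+1.
    if re.search(r"(.)\1{%d}" % max_run, password, flags=re.DOTALL):
        problems.append("more than %d identical consecutive characters" % max_run)
    # Compare case-insensitively so "Password1" does not slip past the deny-list.
    if password.casefold() in COMMON_PASSWORDS:
        problems.append("common password")
    if password.casefold() == account_name.casefold():
        problems.append("same as account name")
    return problems

class LoginGuard:
    """Counts consecutive failures per account; the third one forces a reset."""
    def __init__(self, limit=3):
        self.limit = limit
        self.failures = {}

    def attempt(self, account, password_ok):
        if self.failures.get(account, 0) >= self.limit:
            return "reset_required"  # stays locked, even for the right password
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "reset_required" if self.failures[account] >= self.limit else "denied"

    def reset(self, account):
        # Called after the security-question or email reset flow completes.
        self.failures.pop(account, None)
```

"Password1" satisfies every composition rule and is rejected only by the deny-list check, which is why the article lists the common-password rule separately from the character-class rules.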
     
  2. macrumors 6502a

    Joined:
    Jun 26, 2007
    #2
    newegg? Kidding right?
     
  3. macrumors 601

    dannyyankou

    Joined:
    Mar 2, 2012
    #3
    Can't get better than 100! :D
     
  4. macrumors 68000

    keysofanxiety

    Joined:
    Nov 23, 2011
    #4
    But ... but ... on my Android phone I don't have to type in passwords! I just have to use 'sIris' to recognise my eye and reveal my debit card details. Admittedly, there are a few flaws ... such as it thinking my eye colour was blue when they're actually brown. And I did manage to unlock my phone by pointing the camera towards a Mr. Potato Head.

    But customisability, guys! You're too locked down! #changingicons
     
  5. macrumors 68000

    Cuban Missles

    Joined:
    Dec 6, 2012
    Location:
    My heart is in Camagüey, the rest in the USA
    #5
    This obviously applies to the password for your Apple ID, but I wonder what they will have to say about the fingerprint reader and key chain. That is now where the real security threat is -- once you get into key chain you have access to pretty much everything. Personally, I am very happy with it all but it would be interesting to see how that scores.
     
  6. macrumors 601

    dannyyankou

    Joined:
    Mar 2, 2012
    #6
    But animated wallpapers are so c00l! Who cares if customization opens up the possibility of battery drain, viruses, and hackers? I want my widgets and Swype keyboard!
     
  7. macrumors 6502

    UnfetteredMind

    Joined:
    Jun 6, 2012
    #7
    C'mon Dicks ... get it up!
     
  8. macrumors regular

    Msail30bay

    Joined:
    Jan 4, 2014
    Location:
    Penn., USA
    #8
    Target in the Top 10…...:confused: Really! Since when? And J.Crew at the bottom -55, Yikes! Guess gotta visit the store more and not online.
     
  9. macrumors 68000

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #9
    And still they don't have 2-factor authentication on the icloud.com web site, which not only gives anybody who manages to steal your password full access to your email and personal info, but also allows them to remotely wipe your devices or Macs via "Find My ..."
     
  10. macrumors 601

    gotluck

    Joined:
    Dec 8, 2011
    Location:
    East Central Florida
    #10
    Where are the websites with 2 factor auth?

    PayPal google?
    Msft doesn't even have 2 factor
     
  11. macrumors 603

    Menel

    Joined:
    Aug 4, 2011
    Location:
    ATL
    #11
    you win the internets

    ----------

    My Microsoft account that hosts one of my domains, does have two way. Loads into the Google Auth app.
     
  12. macrumors 6502

    Joined:
    Dec 2, 2005
    Location:
    Germantown, MD
    #12
    This kind of surprises me, as Apple still has no password expiration policy or review of older password requirements. I was kind of surprised to find out one of our test accounts has been running around with a... fairly insecure password for a long time without any prompt to change. It definitely wouldn't pass the new account standards now.
     
  13. macrumors 68000

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #13
    All of the sites you mentioned support 2-factor authentication.
     
  14. macrumors 65816

    nooaah

    Joined:
    Sep 3, 2009
    Location:
    Philadelphia, PA
    #14
    Swype actually is really huge. Categorizing it with animated wallpapers is silly.
     
  15. macrumors 68030

    Analog Kid

    Joined:
    Mar 4, 2003
    #15
    If this is even remotely correlated to actual security, then Amazon's place on this list concerns me greatly...
     
  16. macrumors 6502a

    Joined:
    Nov 10, 2003
    Location:
    outside the crazy house, NC
    #16
    The only thing this list really demonstrates is that Apple are quick to notify users if they are using stupidly simple passwords. The security of the site isn't being assessed and the bottom-ranking sites' failings are easily addressed by the user using a complex password.

    If you use a password manager or have your own complex password algorithm then there is almost no difference in security between the highest and lowest. It all comes down to how smart the user is.

    ----------

    It isn't. It's just basically a measure of how effective a password tutorial each site provides.
     
  17. Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #17
    I'm driven crazy by websites that refuse to allow certain characters in passwords. Some sites reject my nicely secure choices saying that passwords must contain only letters and digits, no special characters or no spaces, and often with rather short maximum sizes. What do these sites have to gain by such restrictions? Applying minimum requirements is reasonable but why do they apply "maximum" requirements?
     
  18. Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Detroit, Michigan
    #18
    I feel your pain of frustration too and have ofttimes wondered that myself.
     
  19. macrumors 6502a

    Joined:
    Aug 26, 2010
    Location:
    NY
    #19
    You're absolutely right! Golly Gee! Death to OS X for having customization! It never occurred to me that I need anti-virus because I can install whatever I want on my Macbook!

    Know of any good iOS laptops? And can I have a cool-aid logo on it as well?!
     
  20. macrumors newbie

    Joined:
    Jan 19, 2014
    #20
    Where is Google?

    Where is Google? I use Gmail...... I hope my account does not get hacked...
     
  21. macrumors regular

    Joined:
    May 9, 2013
    #21
    It's based on the top 100 e-commerce sites.
     
  22. JAT
    macrumors 603

    Joined:
    Dec 31, 2001
    Location:
    Mpls, MN
    #22
    Still running on DOS?
     
  23. macrumors G3

    charlituna

    Joined:
    Jun 11, 2008
    Location:
    Los Angeles, CA
    #23
    I've been using touch id and it works rather well. All of my roommates have tried to trick it and nothing. Especially since they can't get a clean print of my finger.

    Also you have the option to not use it for iTunes. It can't be used for turning off find my iPhone etc.

    And this was an assessment of online site practices so it doesn't cover Touch ID and similar. They would need a different rating list

    ----------

    If someone manages to steal your password you have bigger issues than a lack of two step authentication.

    ----------

    There have been zero confirmed successful brute force attacks on Apple's systems so user created passwords would be the weakest link.

    And Apple isn't about to talk about how they secure their servers since that would just help those that want to try again
     
  24. macrumors 6502a

    Joined:
    Apr 23, 2012
    #24
    And Amazon...?
     
  25. macrumors member

    Joined:
    Jul 14, 2008
    #25
    Microsoft does, and has for quite a long time, supported two-factor authentication. They use the same algorithm as Google, LastPass, and DropBox to name a few.
     
