(Page 2 of 2)
"Apple is very strict," Schalit said.
But scores dropped precipitously after Apple into the sixties. At 60 points, Target tied for No. 4 with Los Angeles-based tech retailer Newegg Inc.
Target come up short mostly because its Web site doesn't advise customers creating an account about a password's strength. That feature alone was worth 30 points. It lost 5 points for allowing normal logins after four wrong passwords.
Online passwords haven't come up as an issue in Target's enormous holiday data security breach that exposed the financial and personal information of up to 110 million people.
"At this point in our ongoing investigation there is no indication that guest passwords are involved," Molly Snyder said.
Malicious "memory scraping" software inserted in the retailer's point-of-sale systems at the checkouts of its U.S. stores has been identified as the main culprit.
Best Buy spokesman Jeffrey Shelman said the firm is constantly looking for ways to have BestBuy.com be both secure and easy-to-use. "We have requirements in place to help customers with online security and we encourage them to use passwords that are not easy for criminals to hack," he said. "As we identify new methods to safeguard customer information, we will update our protocols as needed."
Dashlane's top recommendations for retailers: require passwords at least 8 characters long with a mix of upper and lowercases, numbers and symbols; block after 4 failed logins; give on-screen advice on how to choose a strong password; tell customers on-screen how good a password is.
Schalit said his firm will be doing the password survey quarterly to check progress.
© 2014 Star Tribune (Minneapolis, MN) under contract with YellowBrix. All rights reserved.