Target.com Gets High Marks for Password Security

Target Corp. may be engulfed in data security issues, but the strength of customer passwords at Target.com isn't likely one of them.

The Minneapolis-based retailer tied for No. 4 in the nation for its online customer password policies, according to a first-ever study by the company Dashlane Inc., scoring 60 of 100 possible points. Only Apple Inc., at No. 1., scored a perfect 100.

Best Buy Co. Inc. tied for No. 11 with a score of 40. E-tailing colossus Amazon fared poorly with a score of -40, tying for No. 63.

"Anything above 45 is pretty good," said Dashlane CEO Emmanuel Schalit in an interview. "What's concerning in this study is to find so many sites, including pretty large players, that are not paying attention to this problem."

Hackers are armed with increasingly sophisticated tools to break passwords as shopping migrates online. Target and Richfield-based Best Buy are shifting more and more resources online as they work to hold their ground against e-tailers such as Amazon.com.

Only 10 percent of the 100 retailers in Dashlane's study scored 45 or above, and more than half still accept lazy passwords such as "123456," "111111" or even "password," it found. Half of the companies don't block logins even after 10 incorrect password tries, including Amazon, Dell, Best Buy, Macy's and Williams-Sonoma.

In one major D'oh!, Dashlane noted that MLB, the official site for Major League Baseball, allows shoppers to use the word "baseball." Amazon, Wal-Mart, Office Depot and Macy's were among those retailers with scores at or below 30.

Shoppers themselves don't appear to be clamoring for stricter password policies.

A separate poll out Monday in the wake of Target's data breach shows that American shoppers say they are very or extremely concerned about the safety of their personal information in stores and online, but aren't changing their behavior much to...

Comments are closed.