A new survey shows Target scored in the top tier for tough policies protecting customer passwords. But another poll finds that consumers don't seem to pay much attention to – or value – such policies.
The Star Tribune reports Target tied for fourth for its online customer password policies in a national study of the top 100 e-commerce sites. The first-ever study, by Dashlane Inc., found the Minneapolis-based discounter scored 60 of 100 possible points. Richfield-based Best Buy tied for No. 11 in the survey, with a score of 40. Amazon tied for No. 63. Apple Inc., at No. 1., was the only retailer to land a perfect 100.
The study found that more than half the retailers accepted passwords known to be lax, such as “123456,” “111111” or “password” and didn't block logins even after 10 incorrect password tries. To boost online security, Dashlane recommends that retailers require passwords of at least 8 characters with a mix of uppercase and lowercase, numbers and symbols; block additional logins after four failed attempts; and give on-screen advice for choosing a strong password, then inform customers on-screen how good their password is.
Despite the problems from the data breach experienced by Target and other retailers, shoppers don’t appear worried about password policies.
The Associated Press reported that another poll released Monday finds a striking contradiction. It said that while a majority of shoppers say they are very or extremely concerned about the safety of their personal information, they aren’t changing behavior to protect it.
The AP-GfK Poll surveyed 1,060 adults. A majority of them said that they have not changed online passwords at store websites, asked for new credit or debit card numbers from their bank, or signed up for a credit monitoring service following the massive security breach at Target. The AP said that consumers are "apathetic" about data protection.
Online passwords haven’t come up as an issue in Target’s enormous holiday data breach that exposed information of up to 110 million people. Malicious software inserted in the retailer’s cash registers at store checkouts has been identified as the main culprit.