Password management app Dashlane has enlisted a group of researchers to assess and rank the password policy and security of 37 consumer and 11 enterprise websites. The study examined five password security criteria to result in a point-based ranking system, with points awarded for the following categories: requiring 8+ characters, needing alphanumeric passwords, including a password strength assessment indicator, passing brute force attack simulations, and supporting 2-factor authentication.

Based on these data points, the Apple ID sign-in page scored a 4/5 and earned a "Good" ranking. Apple passed on all criteria except for the brute force attack test, where researchers said they were never presented with a security warning ("such as a CAPTCHA code or the account automatically locking") after entering incorrect credentials 10 times in a row. Dashlane mentioned that the study was completed during the week of July 5 - July 14, 2017.

apple passwords id login

"We created the Password Power Rankings to make everyone aware that many sites they regularly use do not have policies in place to enforce secure password measures. It's our job as users to be especially vigilant about our cybersecurity, and that starts with having strong and unique passwords for every account," said Dashlane CEO Emmanuel Schalit. "However, companies are responsible for their users, and should guide them toward better password practices."

Above Apple with perfect scores were GoDaddy, Stripe, and QuickBooks, but at the very low end with a score of 0/5 were Netflix, Pandora, Spotify, Uber, and Amazon Web Services. Dashlane said that in total 46 percent of consumer sites have "dangerously lax" password policies, while 36 percent of enterprise websites face the same issue.

The researchers said that some of the more troubling findings related to being able to create a password using nothing but the lowercase letter "a" on Amazon, Dropbox, Google, Instagram, LinkedIn, Netflix, Spotify, Uber, and Venmo. The Apple ID sign-in page was one of six sites that did not have a policy to prevent brute force attacks, also including Dropbox, Google, Twitter, Venmo, and Walmart.

Visit Dashlane's website here for more information on the 2017 Password Power Rankings, including a few infographics. Dashlane has performed similar studies of password security policies in years past.

Tag: Dashlane

Top Rated Comments

gsmornot Avatar
gsmornot
98 months ago
I use a few sites that limit my password to 10 characters. They should call them out.
Score: 9 Votes (Like | Disagree)
justperry Avatar
justperry
98 months ago
Captcha should be renamed to Crapcha, worthless piece of crap, I had serious issues registering on a few websites due to this Crapcha, nowadays it tends to give you a picture with grids, next you have to pick some which have certain 'things' in it like cars or shops, they are Crap too, sometimes it takes a minute to complete.


Anyone not using 2 factor authentication is basically inviting people to take their personal information.
Erm, No, it (also) depends on the websites they visit, you could avoid them but I am pretty sure some people need to be on those sites, for instance job related.
Score: 6 Votes (Like | Disagree)
dampfnudel Avatar
dampfnudel
98 months ago
In fairness Apple are very good at not allowing unauthorised people into your account as I've learned myself. Some person whom I don't know tried to enter my password several times without success, blocking the account. I didn't have security remedies setup so I lost my account.... Oh well, now I use 2 factor authentication for all my major accounts. Happy days.
Anyone not using 2 factor authentication is basically inviting people to take their personal information.
Score: 4 Votes (Like | Disagree)
ChrisA Avatar
ChrisA
98 months ago
Ten attempts is not "brute force". Brute force attacks typically require hundreds of thousands or millions of attempts. And there are ways of preventing them that don't annoy users. The simplest one is to simply not prpcesspasswords really fast. Make shure it takes at least 5 or 10 second before saying "wrong, try again". When limited to only one try every 5 seconds brute force could take years.
Score: 3 Votes (Like | Disagree)
DCYorke Avatar
DCYorke
98 months ago
Captcha is hardly needed when 2FA is enabled and it's just a pain for everyone, they shouldn't've lost points for that one. However, requiring a number should not be seen as increased security, especially when apple doesn't allow "correct horse battery staple" type passwords. It'd be much better to allow long passwords with spaces than to require numbers to be added.
Score: 3 Votes (Like | Disagree)
justperry Avatar
justperry
98 months ago
Not a bad rating at all considering some celebrities got their iCloud accounts nt compromised. Kudos to Apple for doing a great job!
Because those celebs used easy to guess passwords or something else THEY did, it wasn't Apple's servers or software that got compromised.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

apple launch feb 2025 alt

Here Are the New Apple Products We're Still Expecting This Spring

Thursday February 20, 2025 5:06 am PST by
Now that Apple has announced its new more affordable iPhone 16e, our thoughts turn to what else we are expecting from the company this spring. There are three product categories that we are definitely expecting to get upgraded before spring has ended. Keep reading to learn what they are. If we're lucky, Apple might make a surprise announcement about a completely new product category. M4...
Read Full Article61 comments
prioritize notifications ios 18 4

Everything New in iOS 18.4 Beta 1

Friday February 21, 2025 1:08 pm PST by
Apple finally released the first beta of iOS 18.4 to developers for testing purposes, and while the beta is lacking some of the Apple Intelligence features we were hoping for, there are some notable new additions. Subscribe to the MacRumors YouTube channel for more videos. Priority Notifications - Apple Intelligence There is a new Priority Notifications feature that can show you your most...
Read Full Article92 comments
Apple iPhone 16e Feature

Apple Announces iPhone 16e With A18 Chip and Apple Intelligence, Pricing Starts at $599

Wednesday February 19, 2025 8:02 am PST by
Apple today introduced the iPhone 16e, its newest entry-level smartphone. The device succeeds the third-generation iPhone SE, which has now been discontinued. The iPhone 16e features a larger 6.1-inch OLED display, up from a 4.7-inch LCD on the iPhone SE. The display has a notch for Face ID, and this means that Apple no longer sells any iPhones with a Touch ID fingerprint button, marking the ...
Read Full Article691 comments
ios 18 4 ambient music

iOS 18.4 Adds New Ambient Music Feature

Friday February 21, 2025 11:06 am PST by
In iOS 18.4, there's a new Ambient Music option that can be added to Control Center. There are four different sound categories, including Sleep, Chill, Productivity, and Wellbeing. Each category can be added to Control Center separately, and tapping one plays a random selection of sounds or music from that particular category. You can't choose what's playing from Control Center, but if...
Read Full Article39 comments
iphone 17 pro asherdipps

iPhone 17 Pro Models Rumored to Feature Aluminum Frame Instead of Titanium Frame

Tuesday February 18, 2025 12:02 pm PST by
Over the years, Apple has switched from an aluminum frame to a stainless steel frame to a titanium frame for its highest-end iPhones. And now, it has been rumored that Apple will go back to using aluminum for three out of four iPhone 17 models. In an investor note with research firm GF Securities, obtained by MacRumors this week, Apple supply chain analyst Jeff Pu said the iPhone 17, iPhone...
Read Full Article176 comments
iPhone 16e Feature

Apple Denies Speculation Surrounding iPhone 16e's Lack of MagSafe

Friday February 21, 2025 8:01 am PST by
Apple has confirmed that its custom-designed C1 modem in the iPhone 16e has nothing to do with the device's lack of MagSafe support, according to Macworld. Following the launch of the iPhone 16e, there was some speculation online about how MagSafe magnets might have interfered with the C1 modem's cellular connectivity performance, and this was considered to be a potential reason for the...
Read Full Article160 comments
Generic iOS 18

Here's When Apple Will Release iOS 18.4

Wednesday February 19, 2025 11:38 am PST by
Following the launch of the iPhone 16e, Apple updated its iOS 18, iPadOS 18, and macOS Sequoia pages to give a narrower timeline on when the next updates are set to launch. All three pages now state that new Apple Intelligence features and languages will launch in early April, an update from the more broader April timeframe that Apple provided before. The next major point updates will be iOS ...
Read Full Article46 comments
oppo find n5 fingers

World's Thinnest Foldable Phone Launches in Europe and Asia

Thursday February 20, 2025 8:55 am PST by
Oppo has launched the Find N5, the world's thinnest foldable phone yet. When closed, the book-style foldable measures 8.93mm. That's less than a millimeter thicker than an iPhone 16 Pro, and thinner than the Honor Magic V3, which was the previous record holder. The device is barely thicker than its USB-C port. Indeed, Oppo has suggested that the obstacle to making it any thinner is now "the...
Read Full Article179 comments