A new study reveals that Walmart puts online consumers’ personal data at risk, given the limited standards Walmart requires for users’ passwords. Walmart was named among the lowest-ranked companies evaluated in the study, with a score of -35, on a scale from -100 to 100, where 100 is the best.
The study, compiled by password security firm Dashlane, evaluated the password policies of the top one hundred e-commerce sites in the US, based on two dozen criteria. For customer account passwords, Walmart requires only a minimum of six characters, does not require numbers or capital letters, accepts numerous commonly used passwords (including “password” and “123456”), and continues to allow normal login attempts after four incorrect passwords. Walmart does not provide advice on strong passwords when they’re created or show an assessment of password strength. The company also does not send a confirmation email when an account is created, eliminating an opportunity for consumers to spot fraudulent activity.
Dashlane explains the hazards of lax password policies like Walmart’s:
The danger with a weak password policy is that it leaves users’ personal data vulnerable. The weaker the password, the easier it is for hackers to break into an account. Therefore, sites with lenient password policies are leaving their users exposed to greater risk.