Walmart among lowest-ranked sites in new personal security report

A new study reveals that Walmart puts online consumers’ personal data at risk, given the limited standards Walmart requires for users’ passwords. Walmart was named among the lowest-ranked companies evaluated in the study, with a score of -35, on a scale from -100 to 100, where 100 is the best.

The study, compiled by password security firm Dashlane, evaluated the password policies of the top one hundred e-commerce sites in the US, based on two dozen criteria. For customer account passwords, Walmart requires only a minimum of six characters, does not require numbers or capital letters, accepts numerous commonly used passwords (including “password” and “123456”), and continues to allow normal login attempts after four incorrect passwords. Walmart does not provide advice on strong passwords when they’re created or show an assessment of password strength. The company also does not send a confirmation email when an account is created, eliminating an opportunity for consumers to spot fraudulent activity.

Dashlane explains the hazards of lax password policies like Walmart’s:

The danger with a weak password policy is that it leaves users’ personal data vulnerable. The weaker the password, the easier it is for hackers to break into an account. Therefore, sites with lenient password policies are leaving their users exposed to greater risk.

Just a few months ago, Walmart was the subject of another negative report detailing the company’s online privacy practices. The report states that Walmart could have the personal data of more than 145 million Americans, and the technical analysis found that Walmart shares that data with more than 50 third party companies, a fact that is largely obscured by the company’s 4,500-word privacy policy. This latest revelation shows that Walmart is putting its consumers at even greater risk, by not protecting their personal data with common sense, stronger passwords.

What do you think?