If you’re among the crowd of people who still use “12345” as your online password, take heart. Many of today’s leading websites are still okay with that.
While this might be good news for lazy users—and hackers—its exceptionally bad news for consumers hoping to keep their data safe when making a travel purchase online.
MORE Travel Technology
A new study, the Travel Website Password Power Rankings released by digital security company Dashlane, found that 89 percent of travel sites leave their users’ accounts “perilously exposed to hackers due to unsafe password practices.”
For the study, Dashlane researchers tested five critical password and account security metrics at 55 of the world’s leading travel sites.
Each site received one point for each criterion it met for a maximum score of five out of five. Four out five was considered the minimum threshold for good password security and anything below four out of five was considered a failing grade.
Shockingly, only six of the 55 sites (11 percent) passed with a score of 4/5, and only Airbnb received a perfect 5/5 score. Passing sites were Airbnb, Hawaiian Airlines, Hilton, Marriott, Royal Caribbean and United Airlines.
The rest received failing grades, with at least 15 sites scoring a dismal one point
“I believe that traveling is the single greatest opportunity to de-stress from daily life and broaden our horizons,” said Emmanuel Schalit, CEO at Dashlane. “Our intention in ranking travel sites is not to scare people away from one of life’s greatest pleasures, but to make the modern traveler more aware.”
Dashlane also noted that travel sites perform “especially poorly” when compared to other consumer sites, such as Apple, Facebook and PayPal, of which only 36 percent received a failing score in a similar study.
Within the travel space, Dashlane found that the cruise industry had the worst average scores (1.67/5), followed closely by booking websites (2/5).
So what can a user do to protect their security when logging in to a travel site?
Dashlane recommends consumers look for two-factor authentication (2FA) on all accounts. Two-factor authentication requires users verify their account using an additional step beyond just entering a password. For example, using a thumbprint to unlock a mobile device or receiving a code via an SMS system to authenticate identity.
Dashlane also recommends users create a distinct password for every online account. Those passwords should be at least 8 characters (or longer) and use a mix of case-sensitive letters numbers and special symbols.
Avoiding passwords that have common phrases, slang, places, names or “12345” also helps boost online security.
Dashlane also recommends using the services of a password manager, such as its own products, to keep information safe. And finally, users should never (ever) use unsecured WiFi when traveling.
Experts predict the travel industry can start to expect an increasing number of cyber attacks and users should always take maximum precautions to keep their data safe.
For more information on the study, visit the Dashlane blog.