The Most (and Least) Secure Online Retailers in the Country
When scrambling to check names off your gift list, it doesn’t get more convenient than shopping online…except for that nagging worry you’re opening yourself up to identity theft. Luckily, some of these e-retailers have gone that extra step to make sure your data is safe. Unfortunately, we can’t say that for all…
The most secure: Apple
Experts forecast this holiday season will push 2018’s online sales to a record-breaking $124.1 billion (a 15 percent increase over last year), so data security is more important than ever, the folks at LastPass, a free password management app, tell Reader’s Digest. That’s why LastPass dug into the data security policies practiced by the top 10 U.S. e-retailers (ranked as such based on e-retail sales in billions during 2018) to rank them from most to least secure. Apple ranked as most secure e-retailer among the top ten e-retail sites for the following reasons:
- The site runs on HTTPS (the secure version of HTTP), although so do all the e-retailers listed here, even the bottom five.
- The registration process offers guidance on choosing a strong password, including a password strength meter.
- It doesn’t permit registration by linking to a social media account, which might seem convenient, but actually puts your data from both the shopping site and the social media account at risk.
- It asks for security questions.
- It offers two-factor authentification for customer accounts (2FA), which greatly decreases your odds of being hacked, according to LastPass. The way 2FA works is you not only need to enter your password to log in, but also a code that is sent to your phone. If you’re offered 2FA, LastPass says you should always take it.
Find out the 12 telltale signs you’re shopping on a fake site.
Admirably secure: Best Buy
Like Apple, Best Buy runs on HTTPS, offers password guidance and doesn’t permit registration via any social media account. Although Best Buy scores points for requiring your phone number, that step doesn’t quite rise to the level of 2FA, pushing it into second place, behind Apple. Find out the things you shouldn’t buy online.
Admirably secure, with a caveat: The Home Depot
Like Apple and Best Buy, The Home Depot runs on HTTPS and offers password guidance. It also generates a 15-character random password made up of upper- and lower-case letters as well as numbers, although please note: if you choose that password, it gets stored in your Google account if you’re using Chrome as a browser. While that might seem convenient, it isn’t great for your data security, for the same reason linking your account to social media isn’t.
Admirably secure, with a caveat: Amazon
Amazon is the only other e-retailer of the ten listed here, besides Apple, to offer 2FA (which is actually a rarity among online shopping sites, with only 13 percent of online e-retailers are using it, compared with 45 percent of all businesses). While Amazon offers 2FA and uses HTTPS, it allows you to link social media accounts and fails to offer password guidance. Stumped at what to get that hard-to-shop-for friend? Here are some gift ideas from Amazon.
Pretty secure: Qurate Retail Group (QVC, HSN, Zulily)
Although the Qurate shopping sites use HTTPS, provide password guidance, asks security questions, and even requires a phone number or street address to create an account, none of the sites allow for passwords longer than 20 characters, and two of the sites (HSN and Zulily) permit social media registration and log-in.
Less secure: Costco
Costco falls into the bottom half of the top ten e-retailers, according to LastPass, because it doesn’t allow passwords longer than 20 characters, doesn’t require passwords to contain special characters or numbers, and doesn’t support any form of 2FA.
Less secure: Macy’s
On the plus side, according to LastPass, Macy’s runs on HTTPS and requires a birthday when creating an account (which is a form of authentication, although it doesn’t rise to the level of 2FA). On the downside, Macy’s doesn’t allow passwords that are longer than 20 characters and doesn’t require special characters or numbers. These are the online scams you need to know about—and how to avoid them.
Less secure: eBay
Although eBay runs on HTTPS, it allows you to sign in with Facebook or Google, which LastPass sees as a significant enough risk to your data security to cause it to rank in the bottom three e-retailers. LastPass would advise you not to take that “convenient” option and instead sign in to eBay singularly. Here’s how to protect yourself online to avoid being scammed.
Less secure: Walmart
Although it runs on HTTPS and doesn’t allow for social media registration, Walmart doesn’t allow for passwords longer than 12 characters, which LastPass identifies as a significant weakness in its data security. The shorter the password, the folks at LifePass tell us, the easier and more likely it is to be hacked. In addition, Walmart passwords can be all lower case letters, which just adds to the hacking risk.
Least secure: Wayfair
Wayfair is lagging way behind in terms of data security due to these issues identified by LastPass:
- Wayfair allows Google registration and login.
- NO minimum password length
- No password guidance
- No 2FA
- If you forget your password, they’ll send you an email with a link that lets you sign in without creating a new password.
Next, learn the secrets an identity thief doesn’t want you to know.