Does a strong password secure a user online? Can companies with strict or complex password requirements sit back and relax?
For a comprehensive view of how many popular sites compare to each other in terms of password/policy security, click here. Dashlane has given us an overview of how password policies on these sites compare to each other, which is important information to have when creating and using accounts online. However, once a password - no matter how complex it is - is compromised, users and sites are in danger again. Responding to CNBC in an article discussing these results, a spokesperson from Orbitz says: "We have always taken the security of our website and customer's personal information very seriously, and certainly long before this list was released...Password security does not necessarily guarantee website security, so we implement a series of industry standard security measures to keep our customer's information safe."
Orbitz's spokesperson is correct - a password policy alone isn't enough to assure a secure experience on a site, no matter how good it is or how well it stacks up against peers. To secure these interactions, additional methods are required. This can come in the form of two or multi-factor authentication, risk based analysis within a session, or any of a host of security strategies designed to secure an interaction without compromising user experience (for the legitimate user). No one factor can be relied on to "save the day".