GoDaddy and QuickBooks Have the Best Password Policies; Dropbox, Netflix Have Worst

GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5.

“We created the Password Power Rankings to make everyone aware that many sites they regularly use do not have policies in place to enforce secure password measures. It’s our job as users to be especially vigilant about our cybersecurity, and that starts with having strong and unique passwords for every account,” said Dashlane CEO Emmanuel Schalit. “However, companies are responsible for their users, and should guide them toward better password practices.”

To determine the ranking, Dashlane researchers examined sites against password security criteria, such as requiring eight or more-character passwords with a combination of letters, numbers, and symbols, and offering two-factor authentication. A site received a point for each test where it performed positively, for a maximum, and top score, of five.  A score of 3/5 was deemed as passing and meeting the minimum threshold for good password security (complete methodology below).


5/5 Score (Best)_

4/5 Score

  • Apple
  • Best Buy
  • The Home Depot
  • Microsoft/Live/Outlook
  • PayPal
  • Skype
  • Toys “R” Us
  • Tumblr

3/5 Score

  • Airbnb
  • Facebook
  • Google
  • Reddit
  • Slack
  • Snapchat
  • Staples
  • Target
  • Twitch
  • WordPress
  • Yahoo

2/5 Score

  • Amazon
  • eBay
  • LinkedIn
  • Starbucks
  • Twitter
  • Venmo

1/5 Score

  • Dropbox
  • Evernote
  • Instagram
  • Macy’s
  • Pinterest
  • SoundCloud
  • Walmart

0/5 Score (Worst)

  • Netflix
  • Pandora
  • Spotify
  • Uber


5/5 Score

  • Stripe
  • QuickBooks

4/5 Score

  • Basecamp
  • Salesforce

3/5 Score

  • GitHub
  • MailChimp
  • SendGrid

2/5 Score

  • DocuSign
  • MongoDB (mLab)

1/5 Score

  • Amazon Web Services
  • Freshbooks