2018 Travel Website Password Power Rankings™

Press Release from Dashlane

NEW YORK, May 2, 2018 /PRNewswire/ -- Dashlane, one of the world's most trusted digital security companies, today announced the results of its first Travel Website Password Power Rankings™. The rankings, which examined password and account security on 55 of the world's most popular travel-related sites, found that 89% of sites leave their users' accounts perilously exposed to hackers due to unsafe password practices.

Dashlane researchers tested each website on five critical password and account security criteria. A site received a point for each criterion it met, for a maximum score of 5/5. Any score below 4/5 was considered failing and not meeting the minimum threshold for good password security.

Only 11% (6/55) passed with a score of 4/5 or better, and only one travel-related website received a perfect 5/5 score: Airbnb. Unlike Airbnb, other household names, including American Airlines and Carnival Cruise Lines, failed, each receiving a score of 1/5. These websites even allowed Dashlane researchers to set up accounts with the alphanumeric passwords "12345" and "password."

"I believe that travelling is the single greatest opportunity to de-stress from daily life and broaden our horizons," states Emmanuel Schalit, CEO at Dashlane. "However, the modern traveler has to reckon with the many digital hazards associated with a journey — from booking flights, to reserving hotel rooms, to renting a car or looking online for recommendations — which creates many chances for personal data to become compromised. Our intention in ranking travel sites is not to scare people away from one of life's greatest pleasures, but to make the modern traveler more aware. The days of worrying about just pickpockets are over; digital thieves are the real threat."

For more information, including the full data set, go to:

2018 Rankings

  • 5/5 Score (Best)
    • Airbnb
  • 4/5 Score
    • Hawaiian Airlines
    • Hilton
    • Marriott
    • Royal Caribbean
    • United Airlines
  • 3/5 Score
    • Alamo
    • Alaska Airlines
    • Avis
    • Best Western
    • Budget
    • Delta Airlines
    • Enterprise
    • Frontier Airlines
    • Hertz
    • Hostelbookers
    • Hyatt
    • KAYAK
    • Momondo
    • National
    • Priceline
    • Skyscanner
    • Southwest Airlines
    • Spirit Airlines
    • Travelzoo
  • 2/5 Score
    • Couchsurfing
    • Disney Cruise Line
    • Expedia
    • Holland America
    • HomeAway/VRBO
    • Hostelworld
    • JetBlue
    • Orbitz
    • Sheraton
    • Sun Country
    • Thrifty
    • Travelocity
  • 1/5 Score
    • Accor Hotels
    • Agoda
    • Air Canada
    • Allegiant Air
    • American Airlines
    • Carnival Cruise Line
    • Choice Hotels
    • CruiseCritic
    • Hostelz
    • Hotwire
    • Intercontinental Hotel Group
    • Skiplagged
    • Student Universe
    • Trip Advisor
    • Trivago
  • 0/5 Score (Worst)
    • Norwegian Cruise Line

Critical Security Lapses
Travel sites failed to protect user data across a number of factors.

  1. 2FA Failings: A staggering 96% of the travel sites tested do not provide 2FA (two-factor authentication). The security benefits of enabling 2FA are well documented. In fact, Dashlane recommends enabling 2FA on all sensitive accounts.

    Additionally, Dashlane found that 81% of travel sites did not even provide users with a password strength assessment tool during the account creation process.
  2. Poor Security Practices: When compared to results of Dashlane's 2017 rankings of leading consumer websites, and the more recent 2018 rankings comparing the cryptocurrency exchanges, travel sites performed especially poorly. In the consumer rankings, which examined sites such as Apple, Facebook, and PayPal, only 36% received a failing score. That is in extremely stark contrast to the 89% of sites that failed Dashlane's 2018 travel examination.

    The travel website category with the worst average score belongs to the cruise industry (1.67/5), closely followed by booking websites (2/5). On the other end of the spectrum, rental car websites as a group scored the best on average (2.86/5), but across all categories the scores were poor.

"Big names in the travel industry often come under fire for their physical treatment of customers, receiving public blowback on social media for flight delays, egregious treatment of passengers, or even foodborne illnesses," continued Schalit. "In many cases the result is a close examination of business practices and positive shift. The travel industry should treat their cybersecurity failings in much the same fashion, and make the necessary changes, such as adding 2FA, in order to protect customers' digital privacy."

Travel Security Best Practices
For travels near and far, these are a few easy actions that everyone should take to improve their own online security:

  • Use a unique password for every online account
  • Generate passwords that exceed the minimum of 8 characters
  • Create passwords with a mix of case-sensitive letters, numbers, and special symbols
  • Avoid using passwords that contain common phrases, slang, places, or names
  • Use a password manager to help generate, store, and manage your passwords
  • Under no circumstances should you use an unsecured WiFi connection (e.g. public WiFi) while travelling

The study was conducted by Dashlane researchers from April 16 – 20, 2018. The researchers evaluated five security criteria on 55 popular travel-related websites. A site received a point for each criterion it met, for a maximum score of 5/5. A score of 4/5 was deemed passing and meeting the threshold for strong user password security. The rankings indicate the security levels of each website with regard to passwords and account protections only.

  1. 8+ Character Password
    Tested by creating a new account on each website. Dashlane researchers attempted to create passwords shorter than 8 characters, irrespective of the site's stated minimum password requirements.
  2. Alphanumeric
    Tested by creating a new account on each website. Researchers attempted to create passwords with all letters ("password") or numbers ("123456").
  3. Password Strength Assessment
    Tested by creating a new account on each website. If the site provided any notification, such as a meter or color-coded bar, it was credited as providing an assessment. Sites that only confirmed that the password length or other requirements were met did not receive credit.
  4. Account Creation Email
    A site was credited if it sent the user a confirmation or activation email after the account was created. If the site sent a password in plain text, it did not receive credit.
  5. 2-Factor Authentication
    Sites were credited if they provided any form of two-factor authentication.

About Dashlane
Dashlane, one of the world's most trusted digital security companies, takes the pain out of passwords with its password manager and secure digital wallet app. Dashlane allows users to securely manage passwords, credit cards, IDs, and other important information via advanced encryption and local storage.

With so many devices, the line between home and work no longer exists. Thankfully, Dashlane works everywhere, for everyone. The company has helped 9.5 million consumers manage and secure their digital identity and enabled over $13 billion in e-commerce transactions. Dashlane Business is trusted by 7,000+ companies to create, enforce, and track effective access management, and features the only patented security architecture in the industry.

The Dashlane app is available on PC, Mac, Android, and iOS and has won critical acclaim by top publications including The Wall Street Journal, The New York Times, and USA Today. Dashlane is free to use on your favorite device for life and costs $39.99/year to sync between an unlimited number of devices.

Dashlane was founded by Bernard Liautaud and co-founders Alexis Fogel, Guillaume Maron, and Jean Guillou. The company has offices in New York City and Paris and has received $52.5 million in funding from TransUnion, Rho Ventures, FirstMark Capital, and Bessemer Venture Partners. Learn more at
