The websites of major companies in the travel industry do
not provide users with adequate protection from hackers, according to an analysis
by the digital security company Dashlane.
"Big names in the travel industry often come under fire
for their physical treatment of customers, receiving public blowback on social
media for flight delays, egregious treatment of passengers, or even food-borne
illnesses," Dashlane CEO Emmanuel Schalit said in a statement. "In
many cases the result is a close examination of business practices and positive
shift. The travel industry should treat their cybersecurity failings in much
the same fashion, and make the necessary changes."
In its first Travel Website Password Power Rankings,
Dashlane evaluated 55 of the most popular travel-related websites to see how
many of five key password-security measures they took.
Dashlane checked to see if websites required passwords to be
eight characters or more; if they prevented passwords from being created with
either all numbers or all letters; if they offered a password-strength
assessment tool; if they sent a user activation email after an account was created;
and if they required two-factor authentication -- such as a password
complemented by a specific USB stick.
Websites that employed at least four of those measures were
awarded a passing grade.
Using that methodology, Dashlane gave failing grades to 89%
of the travel industry websites it analyzed. Just six passed.
Leading the way was Airbnb, which was the only company to
score a perfect five for five. Hawaiian Airlines, Hilton, Marriott, Royal
Caribbean and United each passed the Dashlane test with scores of four out of
Bringing up the rear was Norwegian Cruise Line, which
Dashalne says does not provide adequate password security in any of the five
criteria. Fifteen websites scored just one of out five in the analysis, among
them American Airlines, Carnival, Trip Advisor and Trivago.