Researchers have put big-name travel and booking sites to the test to see how their security practices fare against other online services. If the results are anything to go by, we should all take extra precautions to secure our personal data when booking a flight and a hotel room, or renting a car.
Analyzing the data for its first Travel Website Password Power Rankings report, password manager developer Dashlane found that 89% of booking sites leave users’ accounts dangerously exposed to bad actors due to unsafe password practices.
The company tested each website on five critical criteria, and ranked each site’s performance on a five-star scoring system. The results were not good, as the chart above shows.
Notably, 96% of travel sites tested did not provide 2FA (two-factor authentication), where the system asks users to validate their identity on a second platform, such as their phone, or service, such as their email.
Most big-name booking and travel agencies, including Booking.com, Hertz, American Airlines and InterContinental Group, scored poorly in areas like two-factor-authentication (2FA), and in assessing password strength when accounts are created.
And cruise company Norwegian Cruise Line flunked on all points of security best practices, receiving zero stars. At the other end of the spectrum lay hospitality service Airbnb, with 5 out of 5 stars.
“When compared to results of Dashlane’s 2017 rankings of leading consumer websites, and the more recent 2018 rankings comparing the cryptocurrency exchanges, travel sites performed especially poorly,” reads the report. “In the consumer rankings, which examined sites such as Apple, Facebook, and PayPal, only 36% received a failing score. That is in extremely stark contrast to the 89% of sites that failed Dashlane’s 2018 travel examination.”
Users are encouraged to employ a unique password for every online account they create. That password should be at least eight characters long with a mix of case-sensitive letters, numbers and special symbols.
But if other studies are any indication, convenience usually wins. That, perhaps, is at least part of the reason almost every big-name travel agency avoids turning their service into a cyber-security hassle.