A new report by Dashlane found that 89% of travel sites leave their users' accounts perilously exposed to hackers due to unsafe password practices.

The Travel Website Password Power Rankings found that only 11% (6/55) passed with a score of 4/5 or better, and only one travel-related website received a perfect 5/5 score: Airbnb. Unlike Airbnb, other household names, American Airlines and Carnival Cruise Lines failed, receiving a score of 1/5. The websites even allowed Dashlane researchers to set up accounts with alphanumeric passwords "12345" and "password."

"I believe that traveling is the single greatest opportunity to de-stress from daily life and broaden our horizons," states Emmanuel Schalit, CEO at Dashlane. "However, the modern traveler has to reckon with the many digital hazards associated with a journey — from booking flights, to reserving hotel rooms, to renting a car or looking online for recommendations — which creates many chances for personal data to become compromised. Our intention in ranking travel sites is not to scare people away from one of life's greatest pleasures, but to make the modern traveler more aware. The days of worrying about just pickpockets are over, digital thieves are the real threat."

2018 Rankings

  • 5/5 Score (Best)
    • Airbnb
  • 4/5 Score
    • Hawaiian Airlines
    • Hilton
    • Marriott
    • Royal Caribbean
    • United Airlines
  • 3/5 Score
    • Alamo
    • Alaska Airlines
    • Avis
    • Best Western
    • Booking.com
    • Budget
    • Delta Airlines
    • Enterprise
    • Frontier Airlines
    • Hertz
    • Hostelbookers
    • Hyatt
    • KAYAK
    • Momondo
    • National
    • Priceline
    • Skyscanner
    • Southwest Airlines
    • Spirit Airlines
    • Travelzoo
  • 2/5 Score
    • Couchsurfing
    • Disney Cruise Line
    • Expedia
    • Holland America
    • HomeAway/VRBO
    • Hostelworld
    • Hotels.com
    • JetBlue
    • Orbitz
    • Sheraton
    • Sun Country
    • Thrifty
    • Travelocity
  • 1/5 Score
    • Accor Hotels
    • Agoda
    • Air Canada
    • Allegiant Air
    • American Airlines
    • Carnival Cruise Line
    • Choice Hotels
    • CruiseCritic
    • Hostelz
    • Hotwire
    • Intercontinental Hotel Group
    • Skiplagged
    • Student Universe
    • Trip Advisor
    • Trivago
  • 0/5 Score (Worst)
    • Norwegian Cruise Line

Critical Security Lapses
Travel sites failed to protect user data across a number of factors. 

  1. 2FA Failings: 96% travel sites tested do not provide 2FA (two-factor authentication). 
  2. Dashlane found that 81% of travel sites did not even provide users with a password strength assessment tools during the account creation process.
  3. Poor Security Practices: When compared to results of Dashlane's 2017 rankings of leading consumer websites, and the more recent 2018 rankings comparing the cryptocurrency exchanges, travel sites performed especially poorly. In the consumer rankings, which examined sites such as Apple, Facebook, and PayPal, only 36% received a failing score. That is in extremely stark contrast to the 89% of sites that failed Dashlane's 2018 travel examination.

    The travel website category with the worst average score belongs to the cruise industry (1.67/5), closely followed by booking websites (2/5). On the other end of the spectrum, rental car websites as a group scored the best on average (2.86/5), but across all categories the scores were poor.