Many reading this are in the overachieving travel superhero club, balancing between hotel technology guru implementing your own brand’s marketing and technology and frequent traveler yourself. You may have half a dozen (or more) travel websites that you use regularly. We NEVER ever would use the unsecured public Wi-Fi connection, but have you ever given security a thought when logging onto your favorite travel website – how secure is it?
With all the news about data breaches, a recent study ranking the security of travel websites caught my attention. Perhaps the time has come to force users to create more secure passwords, and from the travel side bring in technology to make access more secure. As a hotel industry, let’s grab that top ranking spot back from AirBnB.

The study was conducted by Dashlane researchers from April 16 – 20, 2018 (full disclosure – Dashlane is a digital security company that manages passwords). The researchers evaluated five security criteria on 55 popular travel related websites. A site received a point for each criterion they met for a maximum score of 5/5. A score of 4/5 was deemed as passing and meeting the threshold for strong user password security.
The rankings, which examined password and account protection security on 55 of the world's most popular travel-related sites, found that 89 percent of sites leave their users' accounts potentially exposed to hackers due to unsafe password practices.
The highest ranking for 2018 travel website password security went to AirBnB with a score of 5/5.
Honorary mention goes to Marriott, Hilton and Royal Caribbean for scoring a good 4/5 ranking.
Average ranking went to Best Western, Hyatt, Booking.com, KAYAK, Priceline and Travelzoo with a 3/5.
Below average, with a ranking of 2/5, are Disney Cruise Line, Expedia, HomeAway/VRBO, hotels.com and Travelocity.
In the set we can just label “needs improvement” (receiving a 1 out of 5) are Accor Hotels, Choice Hotels, IHG, Carnival Cruise Line, Hotwire and Trivago.
There is definitely room for improvement when we look at the results of this study. Recommendations to travel sites include providing two-factor authentication (2FA) and requiring users to update passwords that exceed 8 characters with a mix of letters, numbers and special characters.
"Big names in the travel industry often come under fire for their physical treatment of customers, receiving public blowback on social media for flight delays, egregious treatment of passengers, or even foodborne illnesses," said Emmanuel Schalit, CEO at Dashlane. "In many cases the result is a close examination of business practices and positive shift. The travel industry should treat their cybersecurity failings in much the same fashion, and make the necessary changes, such as adding 2FA, in order to protect customers' digital privacy."
To read the press release and study,
click here. My next assignment is to visit my favorite travel sites to update some passwords.