An abomination

Introduction

Login Score is a cybersecurity blog that shouldn't exist in 2025, because our sole* purpose is calling out companies for not protecting their users in ways that have been recommended for decades. In a world where data breaches abound and more and more of our information is on the dark web, how are there still websites and apps that cap your password at 16 characters? Or that don't have MFA at all? Or that don't follow up with you after your email address and password were changed, leaving you totally unaware that somebody stole your account? Every once in a while a company is publicly mocked for not doing better, but this blog is devoted to doing it full-time (as well as praising the ones who are doing a good job). Groups like the FIDO Alliance and OWASP are at the forefront of IAM...while Login Score is bringing up the rear, trying to drag the last few holdouts with us.

Focus

While ideally every website and app would have impeccable account security, the reality is that some aspects of our digital life are more impactful than others. Login Score tends to focus on services that could severely disrupt someone's life if compromised. For example: if someone hacks into your bank account, they can transfer out all of your money and leave you unable to pay rent. If someone hacks into your Spotify, let's be honest...you'll be alright without your Sabrina Carpenter playlists (that's me talking to myself).

Technical Scope

The world of cybersecurity is a scary one: clever hackers are always thinking of new ways to crack digital identities and cause mayhem. Login Score's system only covers a few basic user-facing techniques that an attacker might use to gain access to an account. There are many more advanced hacking techniques that are beyond the scope of this site.

 

*We occasionally do other cool things too :)