Introduction

Login Score is a cybersecurity blog that shouldn't exist in 2025, because our sole* purpose is calling out companies for leaving their users unprotected in ways that have been known for decades. In a world where data breaches abound and more and more of our information is on the dark web, how are there still websites that cap your password at 16 characters? Or that don't have MFA at all? Or that don't follow up with you after your email address and password were changed, leaving you with no idea that somebody stole your account? Every once in a while a company is publicly mocked for not doing better, but this blog is devoted to doing it full-time (as well as praising the ones who are doing a good job). Groups like the FIDO Alliance and OWASP are at the forefront of IAM...while Login Score is bringing up the rear, trying to drag the last few holdouts with us.

Product Scope

While ideally every website and app would have impeccable account security, the reality is that some aspects of our digital life are more impactful than others. Login Score tends to focus on services that could severely disrupt someone's life if compromised. If someone hacks into your bank account, they can transfer out all of your money and leave you unable to pay rent. If someone hacks into your Spotify, let's be honest...you'll be alright without your Sabrina Carpenter playlists (that's me talking to myself).

Technical Scope

The cybersecurity landscape is scary: clever hackers are always thinking of new ways to crack digital identities and cause mayhem. Login Score's system only covers a few basic user-facing techniques that an attacker might use to gain access to an account. There are many more advanced hacking techniques that are beyond the scope of this site.

*We occasionally do other cool things too :)