Strong, memorable passwords are a must in today’s digital-centric world.
But with the number of digital accounts required to do just about anything on the internet, from online shopping to using social media platforms such as Facebook, keeping track of each and every password can be daunting.
Dashlane, a password manager app and secure digital wallet, found that the average internet user has over 200 digital accounts that require passwords, and the company projects this figure to double to 400 in the next five years.
Fix passwords ASAP
In its third annual list of the “Worst Password Offenders,” Dashlane also illuminated high-profile individuals and organizations that experienced the most significant password-related blunders in 2018. Everyone, especially those on the list, would do well to consider Dashlane’s three tips going into 2019:
- Password protect all accounts. Whether it’s a server, email account or an app, users should always secure their data with passwords as they’re the first, and often only, line of defense between hackers and personal information.
- Use strong passwords. Never use passwords that are easy to guess or that contain names, proper nouns or details that can be learned through basic research. All passwords should be longer than eight characters and include a mix of random letters, numbers and symbols. Even better, use a password generator.
- Never reuse passwords. Each account needs a unique password. The risk in password reuse is that hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have a different password for every account.
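The three tips above can be checked mechanically. The following is an added example, not code from Dashlane or from the original article: it generates a random password that meets the "strong password" tip and audits a set of accounts for missing, weak and reused passwords. The function names, the symbol set, the guessable-word list and the sample vault are assumptions constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; adjust per site rules
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
MIN_LENGTH = 9  # the tip above: "longer than eight characters"

def has_all_classes(password):
    return all(any(ch in cls for ch in password) for cls in CLASSES)

def generate_password(length=20):
    """Random password from a CSPRNG with every character class present."""
    if length < MIN_LENGTH:
        raise ValueError("password must be longer than eight characters")
    alphabet = "".join(CLASSES)
    while True:  # resample until all classes appear; keeps the draw unbiased
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(candidate):
            return candidate

def audit(vault, known_words=()):
    """Map each account in {account: password} to its list of findings."""
    findings = defaultdict(list)
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        if not password:
            findings[account].append("no password set")
            continue
        accounts_by_password[password].append(account)
        if len(password) < MIN_LENGTH:
            findings[account].append("eight characters or fewer")
        if not has_all_classes(password):
            findings[account].append("missing a character class")
        if any(word.lower() in password.lower() for word in known_words):
            findings[account].append("contains a guessable word")
    for accounts in accounts_by_password.values():
        for account in accounts if len(accounts) > 1 else ():
            others = ", ".join(a for a in accounts if a != account)
            findings[account].append("reused on " + others)
    return dict(findings)

# Constructed sample vault; "000000" and "Nutella" are the examples the article cites.
SAMPLE_VAULT = {
    "phone": "000000", "twitter": "Nutella", "server": "",
    "email": "Tr1cky-Horse!92x", "bank": "Tr1cky-Horse!92x",
    "shop": generate_password(),
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT, known_words=["nutella"]).items():
        print(f"{account}: {'; '.join(issues)}")
```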
“Weak passwords, reused passwords and poor organizational password management can easily put sensitive information at risk,” Emmanuel Schalit, CEO of Dashlane, said in a press release.
With this in mind, here are 2018’s 10 worst password offenders.
No 1: Kanye West
During his infamous meeting at the White House, the contentious entertainer unlocked his iPhone with the passcode "000000" in a room full of TV cameras.
No 2: The Pentagon
An audit by the GAO found numerous cybersecurity vulnerabilities in several of the Pentagon's systems. An audit team was able to guess admin passwords in just nine seconds and discovered that software for multiple weapons systems was protected by default passwords that any member of the public could have found through a basic Google search.
No 3: Cryptocurrency owners
Many crypto owners had the chance to cash out while cryptocurrencies were still at record levels at the beginning of the year, but many couldn't remember their passwords.
No 4: Nutella
On World Password Day, Nutella encouraged its Twitter followers to use "Nutella" as their password.
No 5: U.K. law firms
Researchers in the U.K. found over one million corporate email and password combinations from 500 of the country's top law firms available on the dark web. Making matters worse, most of the credentials were stored in plaintext.
No 6: Texas
The Lone Star State left over 14 million voter records exposed on a server that wasn't password protected. This blunder meant that sensitive personal information from 77% of the state's registered voters, including addresses and voter history, was left vulnerable.
No 7: White House Staff
Poor cybersecurity habits plague the Trump administration. This year, a staffer made the mistake of writing down his email login and password on official White House stationery. This mistake was exacerbated as he accidentally left the document at a D.C. bus stop.
No 8: Google
An engineering student from Kerala, India, hacked one of the company's pages and got access to a TV broadcast satellite. The student didn't even need to guess or hack credentials; he logged in to the Google admin pages on his mobile device using a blank username and password.
No 9: The United Nations
U.N. staff were using Trello, Jira and Google Docs to collaborate on projects but forgot to password protect many of their documents. This meant anyone with the correct link could access secret plans, international communications and plaintext passwords.
No 10: University of Cambridge
A plaintext password left on GitHub allowed anyone to access the data of millions of people being studied by the university's researchers. The data was being extracted from the Facebook quiz app myPersonality and contained the personal details of Facebook users, including intimate answers to psychological tests.