
2018's Worst Crimes Against Passwords


If you’re like the average internet user, you have more than 200 digital accounts, most of which require a password for access. Unless you’re blessed (cursed?) with a photographic memory, there’s no way for you to remember them all.

Most of us cope by using the same password for many different accounts. Needless to say, that is not a best practice. Another tactic is to use passwords that are easy to remember and that are, as a consequence, weak. The number sequence “123456” is easy to remember but is an extraordinarily weak password.

The makers of Dashlane, a password protection program, on Wednesday published their list of the year’s 10 worst password offenders. These are the individuals and organizations that made the most significant password-related blunders in 2018.

At the top of the list is singer, songwriter and famous person Kanye West, who unlocked his phone on camera during a well-publicized visit with President Trump. West’s passcode to unlock his phone (“000000”) was clearly visible to millions of people.

Okay, he’s a celebrity and we forgive them their foibles. But number two on the list was the Pentagon. Now this is serious. A Government Accountability Office (GAO) audit of the Defense Department found “numerous cybersecurity vulnerabilities in several Pentagon systems” according to Dashlane. The GAO audit team was able to guess administrative passwords in just nine seconds and also found that software for many weapons systems was protected only by default passwords that anyone could have found with a simple Google search.

From the “this is no surprise” department, cryptocurrency owners who wanted to cash out early in 2018 when bitcoin was trading near $20,000 (versus about $3,500 today) were scurrying to recover or remember the passwords for their digital wallets. Hypnotism was involved in some cases.

In the “it seemed like a good idea at the time” division, food company Nutella encouraged its Twitter followers to use “nutella” as their password. Bad advice.

These are just the top four of the 10 worst offenders. To view the rest of the list (which includes the White House and Google), visit the Dashlane blog.

Dashlane recommends three steps to avoid the mistakes of these password offenders:

  • Protect all your accounts with a password.
  • Use strong passwords (no, “nutella” is not one).
  • Don’t use a password more than once.

Dashlane has a dog in this fight, of course. It offers a password protection product that requires users to remember just one password and that can automatically generate and store complex passwords for all the other accounts users might have. The company competes against a similar product called LastPass and against the password protection schemes included with web browsers like Chrome and Firefox, which have become more robust and useful.
