“Weak passwords, reused passwords, and poor organizational password management can easily put sensitive information at risk. A good password is the first line of defense against cyberattacks.”
Emmanuel Schalit, CEO of Dashlane.
The password management platform, Dashlane, recently released statistics related to 2018 password usage (and outrageous blunders) of the year.
200 | The average numer of accounts that require passwords maintained by an internet user.
Dashlane’s “2018 Worst Password Offenders” list, from worst to best:
- Kanye West: He was captured unlocking his iPhone with the passcode “000000” during his meeting at the White House.
- The Pentagon: The Government Accountability Office (GAO) found numerous cybersecurity vulnerabilities in several of the Pentagon’s systems. Among the disturbing issues was that a GAO audit team was able to guess admin passwords in just nine seconds.
- Cryptocurrency owners: There were several news reports of desperate cryptocurrency owners who went to extreme measures (including hiring hypnotists) in their attempts (and mostly failures) to recover/remember the forgotten passwords to their digital wallets.
- Nutella: Nutella encouraged its Twitter followers to use “Nutella” as their password to celebrate World Password Day.
- U.K. Law Firms: Over one million corporate email and password combinations from 500 of the country’s top law firms available on the dark web.
- Texas: Over 14 million voter records were exposed on a server that wasn’t password protected. Information from 77% of the state’s registered voters was left vulnerable.
- White House Staff: A White House staffer wrote his email login and password on official White House stationery — and then accidentally left the document at a Washington, D.C. bus stop.
- Google: An engineering student from India hacked one of Google’s pages and got access to a TV broadcast satellite. He didn’t need much skill — just the ability to log into a Google admin page on his mobile device in using a blank username and password.
- United Nations: U.N. staff were using Trello, Jira, and Google Docs to collaborate on projects, but forgot to password protect many of their documents.
- University of Cambridge: A plaintext password left on GitHub allowed anyone to access the data of millions of people being studied by the university’s researchers.
Here are lessons you should learn, says Dashlane Emmanuel Schalit.
- Password protect all accounts: Whether it’s a server, email account, or an app, you should always secure your data with passwords as they’re the first, and often only, line of defense between hackers and your personal information.
- Use strong passwords: Never use passwords that are easy to guess or that contain names, proper nouns, or things people can easily research about you.
- Never reuse passwords: Every one of your accounts needs a unique password.