I Miss the 000000ld Kanye: West Tops Dashlane's List of 2018's "Worst Password Offenders"
NEW YORK, Dec. 12, 2018 /PRNewswire/ -- Dashlane today announced its third annual list of the "Worst Password Offenders." The list highlights the high-profile individuals and organizations that had the most significant password-related blunders in 2018.
"Passwords are the first line of defense against cyberattacks," said Emmanuel Schalit, CEO of Dashlane. "Weak passwords, reused passwords, and poor organizational password management can easily put sensitive information as risk."
Dashlane found that the average internet user has over 200 digital accounts that require passwords, and the company projects this figure to double to 400 in the next five years. "The sheer number of accounts requiring passwords means everyone is prone to make the same mistakes as the Password Offenders," states Schalit. "We hope our list serves as a wake-up call to everyone to follow the best password security practices."
Dashlane's "Worst Password Offenders" of 2018, beginning with the worst:
1. Kanye West: Kanye is no stranger to controversy and attained even more
notoriety this year when he was captured unlocking his iPhone with the
passcode "000000" during his infamous meeting at the White House. Having
a weak passcode is risky enough, but brazenly flaunting poor password
practices in a room full of TV cameras is as bad as it gets. To put it
gently, Kanye needs to lockdown his passwords and make them better,
faster, stronger.
2. The Pentagon: It's a shame that the Department of Defense holds the #2
spot this year (up two spots from #4 in last year's list), but a
devastating audit by the Government Accountability Office (GAO) found
numerous cybersecurity vulnerabilities in several of the Pentagon's
systems. Among the disturbing issues was that a GAO audit team was able
to guess admin passwords in just nine seconds, as well as the discovery
that software for multiple weapons systems was protected by default
passwords that any member of the public could have found through a basic
Google search.
3. Cryptocurrency owners: As the value of cryptocurrencies reached record
levels at the beginning of the year, scores of crypto owners had the
potential to cash out--if they could remember their passwords. The news
cycle was rife with reports of people resorting to desperate measures
(including hiring hypnotists) to attempt to recover/remember the
forgotten passwords to their digital wallets.
4. Nutella: Nutella came under fire for giving some of the nuttiest password
advice of the year as the beloved hazelnut-and-chocolate spread company
encouraged its Twitter followers to use "Nutella" as their password. As
if the advice wasn't bad enough, the company sent out the ill-advised
tweet to celebrate World Password Day.
5. U.K. Law Firms: Researchers in the United Kingdom found over one million
corporate email and password combinations from 500 of the country's top
law firms available on the dark web. Making matters worse, most of the
credentials were stored in plaintext.
6. Texas: Everything is bigger in Texas, including the cybersecurity gaffes.
The Lone Star State left over 14 million voter records exposed on a
server that wasn't password protected. This blunder meant that sensitive
personal information from 77% of the state's registered voters, including
addresses and voter history, was left vulnerable.
7. White House Staff: Last year, two White House officials made our list:
President Trump took the (un)coveted title of 2017's Worst Password
Offender for a variety of poor cybersecurity habits, while Sean Spicer
was included for tweeting his password. This year they passed the baton
to another staffer who made the mistake of writing down his email login
and password on official White House stationery. This mistake was
exacerbated as he accidentally left the document at a Washington, D.C.
bus stop.
8. Google: The search engine giant has historically been buttoned up in
terms of cybersecurity, but this year, an engineering student from
Kerala, India hacked one of their pages and got access to a TV broadcast
satellite. The student didn't even need to guess or hack credentials; he
logged in to the Google admin pages on his mobile device in using a blank
username and password.
9. United Nations: The organization tasked with maintaining international
peace has a security problem. U.N. staff were using Trello, Jira, and
Google Docs to collaborate on projects, but forgot to password protect
many of their documents. This meant anyone with the correct link could
access secret plans, international communications, and plaintext
passwords.
10. University of Cambridge: A plaintext password left on GitHub allowed
anyone to access the data of millions of people being studied by the
university's researchers. The data was being extracted from the Facebook
quiz app myPersonality and contained the personal details of Facebook
users, including intimate answers to psychological tests.
Learn from the mistakes of this year's Password Offenders:
1. Password protect all accounts: Whether it's a server, email account, or
an app, you should always secure your data with passwords as they're the
first, and often only, line of defense between hackers and your personal
information.
2. Use strong passwords: Never use passwords that are easy to guess or that
contain names, proper nouns, or things people can easily research about
you--like your favorite hazelnut spread! All your passwords should be
longer than eight characters and include a mix of random letters,
numbers, and symbols. Even better, use a password generator to come up
with them for you.
3. Never reuse passwords: Every one of your accounts needs a unique
password. The risk in password reuse is that hackers can use passwords
from compromised accounts to easily access other accounts. The only
protection against this is to have a different password for every
account.
About Dashlane
Dashlane simplifies and secures your digital identity--all your personal information that lives online. Across all platforms and devices, the intuitive Dashlane app automatically fills and stores passwords, personal data, and payment details to help you manage, monitor, and protect your digital identity. Available in 11 languages and trusted by 10+ million people in 180 countries (and growing), it's the complete, global solution for living safely and seamlessly online--at home, at work, and everywhere in between.
With offices in New York City, Paris, and Lisbon, Dashlane has raised over $70 million in venture funding to create a safe and effortless solution for all citizens of the digital world. Learn more at dashlane.com.
View original content to download multimedia:http://www.prnewswire.com/news-releases/i-miss-the-000000ld-kanye-west-tops-dashlanes-list-of-2018s-worst-password-offenders-300762767.html
SOURCE Dashlane
