We are moving through December and are fast approaching the eve of the New Year. This means it’s about to be the most delusional time of the year, as well as one of the most critically acclaimed porn searches of all time in 2018. For the past three years, password manager firm Dashlane has released an annual “Worst Password Offender” list, perhaps in the hope that it will encourage some of us to adopt “create better passwords” as a 2019 New Year’s resolution.
Naturally, Kanye’s easily hacked iPhone password (000000) tops the list, but we’ve got some surprising entries from very important government agencies to multinational confectionery companies (we’re looking for you, Nutella.) And some of them have revealed a hilarious level of competence, the real-life crash of stingy passwords can be catastrophic – recent Facebook hacks have left 14 million users with location and search history. As Dashline CEO Emmanuel Schalit points out: “Passwords are the first line of defense against cyberattacks.” Starting at number 10:
United Nations: UN staff use systems like Trello, Cumin, and Google Docs to collaborate. This will not be a problem – except for the fact that many people forgot to protect those very important files with a secure password or indeed a password. This means anyone with the right links can access highly sensitive internal data and international communications. If you don’t smile, you cry.
University of Cambridge: When someone drops a simple text password on GitHub, they leave Cambridge University researchers with data on the millions of people studying through the vulnerability of Facebook’s quiz application “My Personality”. It even includes data related to the results of psychological tests.
Google: You might think that one of the largest technologists in the world knows one or two things about security in the digital age. Earlier this year, however, an engineering student from Kerala, India, was able to successfully hack into a company and gain access to a TV broadcasting satellite. All he had to do was log in to the Google admin pages on his cell phone with a blank username and password.
Texas: Seventy percent of voter recorders – 14 million Texans – were published on servers that were not password protected, meaning information such as addresses and voting history was open.
White House Staff: Last year, Trump made the White House’s inclusion in this year’s list (disappointingly) predictable, topping the list of “2017 most password criminals”. The specific cybersecurity offense responsible for setting up the WHO at number seven was the work of an employee who wrote down his email login and password at the official (and embossed) station – which he kept at the Washington DC bus stop.
UK Law Firms: More than 1 million corporate emails and password combinations are left on the dark web (in plain text) among the top 500 law firms in the UK.
Nutella: The chocolate-hazelnut spread company should have what the best, confectioner knows. World Password Day – After advising product fans to use “password” as their password, they need to move away from cybersecurity.
The Pentagon: The U.S. Department of Defense’s head office compiled the list after a Public Accountability Office (GAO) audit (again) found that software for multiple weapons systems was protected by default password. What’s more, the GAO team was able to guess the admin passwords in just 9 seconds.
Kanye West: His contempt for cybersecurity is even more infamous than Kanye’s visit to the White House in October. Not only is his password extremely easy to guess (000000), the whole world now knows it’s thanks to the hoards of the TV crew that caught the rapper unlocking his iPhone on camera.
Cryptocurrency Owners: In January, the price of Bitcoin crashed with a jolt to many cryptocurrency owners to get their money out before anything else came down. Only a few forgot their passwords, meaning their new financial assets are now stuck in digital lengths.