Kanye, Pentagon, Crypto Owners Worst Password Offenders

In its third annual list of the Worst Password Offenders, Dashlane ranked Kanye West, the Pentagon and cryptocurrency owners as the top three users who demonstrated significantly poor password habits in 2018. Also included in this year's top 10 were Google, the United Nations and Nutella.

“Passwords are the first line of defense against cyberattacks,” said Emmanuel Schalit, CEO of Dashlane, in a press release. “Weak passwords, reused passwords, and poor organizational password management can easily put sensitive information at risk.”

According to the study, an average internet user has more than 200 password-protected accounts, which Dashlane says will double over the next five years. “The sheer number of accounts requiring passwords means everyone is prone to make the same mistakes as the Password Offenders,” said Schalit. “We hope our list serves as a wake-up call to everyone to follow the best password security practices.”

After it was publicly revealed during a White House meeting that Kanye’s iPhone passcode was 000000, it’s no surprise that he claimed the top spot for weakest password. But the Pentagon taking second place is a bit alarming, particularly since the agency was ranked fourth on the 2017 list.

“A devastating audit by the Government Accountability Office (GAO) found numerous cybersecurity vulnerabilities in several of the Pentagon’s systems. Among the disturbing issues was that a GAO audit team was able to guess admin passwords in just nine seconds, as well as the discovery that software for multiple weapons systems was protected by default passwords that any member of the public could have found through a basic Google search,” the press release said.

Credit: Dashlane

Following cryptocurrency owners was the world-famous hazelnut-and-chocolate spread company, Nutella, whose reported password blunder was that the company tweeted to its followers that it might consider using “Nutella” as its password.

Spots five, six and seven were held by UK law firms, the state of Texas and White House staff, one of whom reportedly “made the mistake of writing down his email login and password on official White House stationery. This mistake was exacerbated as he accidentally left the document at a Washington, D.C., bus stop.”

Quite surprisingly, Google, known for its strong cybersecurity, came in eighth on the top 10, ranked there because “an engineering student from Kerala, India, hacked one of their pages and got access to a TV broadcast satellite.” Using a blank username and password on his mobile device, the student was reportedly able to log in to the Google admin pages.

The list was rounded out by the United Nations and the University of Cambridge, after a plaintext password left on GitHub exposed the data of millions of subjects being studied by university researchers.
