Trump Tops The List of Worst Password Offenders. Sad.

Donald Trump likes to be No 1, whether it’s ratings or scoring babes—and there’s one list on which he definitely deserves the ranking: Worst Password Offenders.

According to Dashlane’s annual rankings, the American president has a list of transgressions, starting with not requiring strong passwords on the part of his staff and continuing with Trump Organization hacks and questions over Twitter security.

“As a person who has continually lamented the cybersecurity woes of his opponents, and trumpeted his own, his leadership in this area leaves much to be desired,” the firm noted.

A January investigation by UK outlet Channel 4 News found that many of the top staff members Trump handpicked, including multiple cabinet secretaries, senior policy directors—even, ironically (funny/not funny?), cybersecurity advisor Rudy Giuliani—were reusing unsecure, simple passwords. These passwords were used across multiple websites, as well as for their personal email accounts, and were believed to have been part of a slew of breaches that occurred between 2012 and 2016.

So there’s that. But wait—there’s more!

“Trump also has direct connections to three of our other Top 10 offenders (Republican Party, Paul Manafort, Sean Spicer), which suggests he has never implemented proper cybersecurity protocols in any of his positions,” Dashlane said. “Lastly, numerous Trump Organization websites were hacked this year, and a multitude of leading security experts questioned the security of his Twitter devices and accounts.”

Speaking of the Republican Party, it comes in at an impressive No 5 on the list. One of the GOP's data analytics firms accidentally leaked the personal details of 198 million Americans—roughly the entire voting-age population. One cybersecurity expert described the leak as a "gold mine for anyone looking to target and manipulate voters." Much like the Pentagon hack, the firm was storing data on a non-password protected server.

Trump's recently indicted campaign manager, Paul Manafort (No 9) appears to be to a James Bond fan, as he was using 'Bond007' as his password for multiple personal accounts, including Dropbox and Adobe.

Then there’s former Press Secretary Sean Spicer (No 10). While he’ll be remembered for his fondness of shrubbery, we should also remember that he tweeted out what appeared to be his own password, in (one hopes) a copy and paste error. Oops.

That’s a lot of cybersecurity flubbing going on in one administration—perhaps poor password hygiene is the legacy of Trump and crew (along with Russia, an avoidance of the truth and a penchant for sexual harassment and accused pedophiles, of course). In any event, let this be a lesson to us all to apply some common sense: Use passwords once—strong ones at that—and never re-use them again.  

What’s Hot on Infosecurity Magazine?