Worst password offenders of 2018 exposed
Kanye West is the worst password offender of 2018, according to Dashlane. When visiting the White House, the famous rapper was spotted unlocking his iPhone with the passcode “000000”.
The Pentagon made second place: an audit by the Government Accountability Office revealed easy-to-guess admin passwords and default passwords for multiple weapons systems.
Other offenders on the list include:
- Italian company Ferrero, who offered spectacularly bad password advice to users (they suggested the use of “Nutella” – the name of their popular sweet spread – as a password).
- A White House staffer (the offence: writing down his email login and password on official White House stationery).
- Texas and the UN (both failed to password-protect sensitive information).
- The University of Cambridge (a plaintext password left on GitHub allowed anyone to access the data of millions of people being studied by the university’s researchers).
Google has also made the list. “An engineering student from Kerala, India hacked one of their pages and got access to a TV broadcast satellite. The student didn’t even need to guess or hack credentials; he logged in to the Google admin pages on his mobile device using a blank username and password,” Dashlane said, explaining the inclusion.
Advice for users
It might be that Kanye West temporarily changed his phone password to one that’s easy to remember because he knew that cameras would be around and he didn’t want to worry about them capturing his actual password, but the rest of the offenders have no good excuse for their blunders.
Creating a password that’s long and complex enough to stymie guessing, dictionary and brute-forcing attacks is a problem for many users, especially when they don’t use a password manager to remember it for them.
For the same reason, they might reuse the same password for many of their accounts, which is another big no-no, as the compromise of one set of credentials then opens many doors for attackers.
It should go without saying that password-protecting all accounts is a good idea, but for those who don’t want to use a password manager either for choosing good passwords or for saving them, this particular method for creating strong, difficult-to-crack passwords can come in handy.