Ahead of World Password Day on May 6th, we’re sharing our first-ever, mid-year Worst Password Awards—a reminder of how easy it is to make a password faux pas, even when we think we’re protected. We champion the awareness that World Password Day brings for creating strong and unique passwords for every account, but unfortunately, the “holiday” is not always a cause for celebration. As data breaches continue to make headlines, it’s clear that people and businesses need more education and easy-to-use tools that align with their online behaviors in order to pass the cybersecurity test.
Class is in session for Dashlane’s Worst Password Award winners, which take a spin on senior superlatives to spotlight those that didn’t make the grade so far this year, along with tips for everyone to maintain and improve their online security.
The last thing any company needed as 2020 came to a close was news of a massive breach that had gone undetected for months. Yet that’s exactly what happened to SolarWinds, a major IT firm used by everyone from top U.S. government agencies to Microsoft, when news hit that hackers had added malicious code to its software, giving them remote access to customer networks and data. To make matters worse, in February 2021, both current and former SolarWinds execs blamed an intern for using the all-too-insecure password solarwinds123, which was leaked online. We’d make a comment here, but Rep. Katie Porter said it best: “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”
Password pitfalls cost so much—time, energy, user data, company reputation, $220 million. HODL up. That’s right, as cryptocurrency soared, bitcoin users were locked out of both their wallets and potential fortunes due to forgotten passwords. People—Post-its get lost, built-in browser storage doesn’t work everywhere, and you shouldn’t leave the keys to your online kingdom up to memory. Password managers are the most secure, universal solution, not to mention a lifesaver in instances like these.
The hack of a Florida water plant and the phishing attack at the California State Controller’s Office are just some of the recent examples highlighting the challenges public sector organizations face when it comes to cybersecurity. Unfortunately, our tax dollars don’t always get invested in effective defenses, making local (and national, for that matter) government services an easy target for bad actors. In California, state workers fell for a phishing email that targeted at least 9,000 contacts, giving hackers access to social security numbers and other sensitive information. Meanwhile in Florida… hackers gained remote access to the treatment plant’s system and tried to poison the water—making stronger cybersecurity practices a matter of public health and safety.
Hacks are often more widespread than you think, as a recent one at cloud-based enterprise security camera system Verkada showed. After an international hacker collective breached its systems with a username and password found on the internet, they accessed Verkada customer cameras, which ranged from the Technoking of Tesla’s factories and warehouses to Equinox gyms, hospitals, jails, and schools. It’s unlikely Musk will mock this in his upcoming SNL monologue—avoidable data breaches are no laughing matter.
Not what you use to brush your luscious locks but rather the “Compilation of Many Breaches.” As bad as it sounds, COMB is the result of an online hacking forum posting over three billion unique emails and passwords gathered from past leaks at Netflix, LinkedIn, Bitcoin, and more. With 4.7 billion people online, COMB included the data of nearly 70% of global internet users! Both predictable and painful (are you listening? Don’t reuse your passwords!).
“We all know we should practice better password hygiene, but as these examples show, we’re only human. Passwords are a human problem even more than a technology one, and despite the risks, it can be hard to get people to change their behaviors,” said JD Sherman, CEO of Dashlane. “That’s why everybody should use a password manager like Dashlane—it’s an easy-to-use tool to manage and eliminate security risks proactively for both people and businesses.”