Class Is in Session With Dashlane’s Worst Password Awards
Ahead of World Password Day on May 6th, we're sharing our first-ever, mid-year Worst Password Awards—a reminder of how easy it is to make a password faux pas, even when we think we’re protected. We champion the awareness that World Password Day brings for creating strong and unique passwords for every account, but unfortunately, the “holiday” is not always a cause for celebration. As data breaches continue to make headlines, it’s clear that people and businesses need more education and easy-to-use tools that align with their online behaviors in order to pass the cybersecurity test.
Class is in session for Dashlane’s Worst Password Award winners, which take a spin on senior superlatives to spotlight those that didn’t make the grade so far this year, along with tips for everyone to maintain and improve their online security.
Worst Internship: SolarWinds
The last thing any company needed as 2020 came to a close was news of a massive breach that had gone undetected for months. Yet that’s exactly what happened to SolarWinds, a major IT firm used by everyone from top U.S. government agencies to Microsoft, when news hit that hackers added malicious code in software, giving them remote access to customer networks and data. To make matters worse, in February 2021, both current and former SolarWinds execs blamed an intern for using the entirely-all-too-insecure password solarwinds123, which was leaked online. We’d make a comment here, but Rep. Katie Porter said it best: "I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad.”
Most Likely to Win the Lottery and Lose the Ticket: Bitcoin Users Who Forgot Their Passwords
Password pitfalls cost so much—time, energy, user data, company reputation, $220 million. HODL up. That’s right, as cryptocurrency soared, bitcoin users were locked out of both their wallets and potential fortunes due to forgotten passwords. People—Post-its get lost, built-in browser storage doesn’t work everywhere, and you shouldn’t leave the keys to your online kingdom up to memory. Password managers are the most secure, universal solution, not to mention a lifesaver in instances like these.
The hack of a Florida water plant and phishing attack at a California State Controller’s Office are just some of the recent examples highlighting the challenges public sector organizations face when it comes to cybersecurity. Unfortunately, our tax dollars don’t always get invested in effective defenses, making local (and national, for that matter) government services an easy target for bad actors. In California, state workers fell for a phishing email that targeted at least 9,000 contacts, giving hackers access to social security numbers and other sensitive information. Meanwhile in Florida…hackers gained remote access to the treatment plant’s system and tried to poison the water—making stronger cybersecurity practices a matter of public health and safety.
Most Avoidable: Verkada
Hacks are often more widespread than you think, as a recent one at cloud-based enterprise security camera system Verkada showed. After an international hacker collective breached its systems with a username and password found on the internet, they accessed Verkada customer cameras, which ranged from the Technoking of Tesla’s factories and warehouses to Equinox gyms, hospitals, jails, and schools. It’s unlikely Musk will mock this in his upcoming SNL monologue—avoidable data breaches are no laughing matter.
Most Predictable: COMB
Not what you use to brush your luscious locks but rather the “Compilation of Many Breaches.” As bad as it sounds, COMB is the result of an online hacking forum posting over three billion unique emails and passwords gathered from past leaks at Netflix, LinkedIn, Bitcoin, and more. With 4.7 billion people online, COMB included the data of nearly 70% of global internet users! Both predictable and painful (are you listening? Don’t reuse your passwords!).
“We all know we should practice better password hygiene, but as these examples show, we’re only human. Passwords are a human problem even more than a technology one, and despite the risks, it can be hard to get people to change their behaviors,” said JD Sherman CEO of Dashlane. “That’s why everybody should use a password manager like Dashlane—it’s an easy-to-use tool to manage and eliminate security risks proactively for both people and businesses.”
Extra Credit: Tips for A+ security at home, work, or anywhere in between
- Use random and different passwords for every account: Hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have random and different passwords for every account. Random keeps you secure.
- Turn on two-factor authentication (2FA): 2FA is a feature that adds an additional "factor" to your normal login procedure to verify your identity: something you know (your password, PIN number, zip code, etc.), something you are (via facial recognition, your fingerprints, retina scans, etc.), or something you have (a smart card, your smartphone, etc.). Most apps or websites will verify you via an email or a text message sent to your phone.
- Get a password manager. Now. Ditch whichever patented password management "method" you're currently using. A password manager is literally the only way to safely and conveniently manage wildly complicated and unique passwords for an unlimited number of accounts, while providing automatic logins and secure autofill of personal and payment information.
- Sign up for free breach alerts. Dashlane helps you learn what to do if your information has been compromised. Dashlane’s Breach Center will alert you if any of your data is found on the Dark Web, and keep an eye out for breaches that may affect you in the future.
Learn more about password management on our Dashlane's features page.
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.