When it comes to creating strong passwords to protect important data at work and at home, it’s very easy to make a faux pas. With this in mind, and just in time for the first Thursday in May — otherwise known as World Password Day — Dashlane is sharing its first-ever, mid-year Worst Password Awards.
World Password Day is intended to bring awareness to the importance of creating strong and unique passwords for every account, but unfortunately the “holiday” is not always a cause for celebration. As data breaches continue to make headlines, it’s clear that people and businesses need more education and easy-to-use tools that align with their online behaviors in order to pass the cybersecurity test.
Dashlane’s Worst Password Awards take a spin on senior superlatives to spotlight those that didn’t make the grade so far this year:
- Worst Internship: SolarWinds. The last thing any company needed as 2020 came to a close was news of a massive breach that had gone undetected for months. Yet that’s exactly what happened to major IT firm SolarWinds when news hit that hackers had added malicious code to its software, giving them remote access to customer networks and data. To make matters worse, in February 2021, both current and former SolarWinds execs blamed an intern for using the all-too-insecure password solarwinds123, which was leaked online. “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” commented Rep. Katie Porter.
- Most Likely to Win the Lottery and Lose the Ticket: Bitcoin Users Who Forgot Their Passwords. Password pitfalls cost time, energy, user data, and company reputation. And $220 million. As cryptocurrency soared, bitcoin users were locked out of both their wallets and potential fortunes due to forgotten passwords.
- Most Surprising: Local and Government Services. The hack of a Florida water plant and a phishing attack at the California State Controller’s Office are just some of the recent examples highlighting the challenges public sector organizations face when it comes to cybersecurity. Unfortunately, tax dollars don’t always get invested in effective defenses, making government services an easy target for bad actors. In California, state workers fell for a phishing email that targeted at least 9,000 contacts, giving hackers access to social security numbers and other sensitive information. Meanwhile in Florida, hackers gained remote access to the treatment plant’s system and tried to poison the water, making stronger cybersecurity practices a matter of public health and safety.
- Most Avoidable: Verkada. Hacks are often more widespread than you think, as a recent one at cloud-based enterprise security camera system Verkada showed. After an international hacker collective breached its systems with a username and password found on the internet, they accessed Verkada customer cameras, which ranged from the Technoking of Tesla’s factories and warehouses to Equinox gyms, hospitals, jails, and schools.
- Most Predictable: COMB. Not what you use to brush your hair but rather the “Compilation of Many Breaches.” As bad as it sounds, COMB is the result of an online hacking forum posting over three billion unique emails and passwords gathered from past leaks at Netflix, LinkedIn, Bitcoin, and more. With 4.7 billion people online, COMB included the data of nearly 70% of global internet users.
“We all know we should practice better password hygiene, but as these examples show, we’re only human. Passwords are a human problem even more than a technology one, and despite the risks, it can be hard to get people to change their behaviors,” said JD Sherman, CEO of Dashlane. “That’s why everybody should use a password manager like Dashlane—it’s an easy-to-use tool to manage and eliminate security risks proactively for both people and businesses.”
Extra Credit: Tips for A+ Security
The Worst Password Awards are more than just bad news, though: Dashlane has also taken the opportunity to provide tips for everyone to maintain and improve their online security:
- Use random and different passwords for every account: Hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have random and different passwords for every account. Random keeps you secure.
- Turn on two-factor authentication (2FA): 2FA is a feature that adds an additional “factor” to your normal login procedure to verify your identity: something you know (your password, PIN number, zip code, etc.), something you are (via facial recognition, your fingerprints, retina scans, etc.), or something you have (a smart card, your smartphone, etc.). Most apps or websites will verify you via an email or a text message sent to your phone.
- Get a password manager. Now. Ditch whichever patented password management “method” you’re currently using. A password manager is literally the only way to safely and conveniently manage wildly complicated and unique passwords for an unlimited number of accounts, while providing automatic logins and secure autofill of personal and payment information.
- Sign up for free breach alerts. Dashlane helps you learn what to do if your information has been compromised. Dashlane’s Breach Center will alert you if any of your data is found on the Dark Web, and keep an eye out for breaches that may affect you in the future.