10 worst password offenders of 2018: Do better, Kanye West and Nutella

2018 had some memorable lapses in cybersecurity

[Photos: NeONBRAND/Unsplash; Matthew Brodeur/Unsplash]

Normally, Kanye West swinging by the Oval Office to pay a visit to Donald Trump would be headline news (and sure, it was), but their meeting was completely upstaged by Kanye’s remarkably poor choice in passwords. That’s why he made the list of password manager Dashlane’s third annual “Worst Password Offenders.”

It’s easy to understand why people try to make passwords easy to remember–Dashlane found that the average internet user has more than 200 digital accounts that require passwords, and the company projects this figure to double to 400 in the next five years. Get yourself a password manager, stop using these terrible passwords, and try to avoid mistakes that will earn you a spot on this list:
  • 10. University of Cambridge: Someone left a plaintext password on GitHub of all places, allowing anyone to access the data of millions of people being studied by the university’s researchers via a Facebook quiz app. (NB: Don’t take Facebook quizzes; it rarely ends well.)
  • 9. United Nations: U.N. staff forgot to password protect their Trello, Jira, and Google Docs documents, leaving their internal data and international development plans open to anyone with the link.
  • 8. Google: An engineering student gained access to a Google TV broadcast satellite, but you can’t even call what he did “hacking” per se because he simply logged in to the Google admin page with a blank username and password.
  • 7. White House staff: Some White House staffer wrote his email login and password on official White House stationery and then left it at a Washington, D.C., bus stop.
  • 6. Texas: The Lone Star State left over 14 million voter records exposed on a server that wasn’t password protected, leaving 77% of the state’s registered voters, including addresses and voter history, unprotected.
  • 5. U.K. law firms: Researchers in the United Kingdom found over one million corporate email and password combinations from 500 of the country’s top law firms available on the dark web, some stored in plaintext.
  • 4. Nutella: Nutella decided it would be fun to convince its Twitter followers to use “Nutella” as their password as a way to celebrate World Password Day.
  • 3. Cryptocurrency owners: Poor cryptocurrency owners couldn’t access their potential newfound wealth because none of them could remember the passwords to their digital wallets. Did they try “Nutella”?
  • 2. The Pentagon: The Government Accountability Office (GAO) reported that they were able to guess Pentagon passwords in just nine seconds. That wasn’t even the most alarming part–they also discovered that multiple weapons systems were protected by default passwords that any member of the public could have found through a basic Google search.
  • 1. Kanye West: If you’re going to have your iPhone passcode set to “000000” don’t show it off in front of a room full of TV cameras broadcasting around the globe.

About the author

Melissa Locker is a writer and world-renowned fish telepathist.