2018's worst password fails revealed

password note

Despite newer technologies, most of us still rely on passwords to secure our accounts. We are not, however, very good at choosing them or looking after them.

Password management company Dashlane has produced a list of the 10 worst password fails of 2018.


1. Topping the list is Kanye West who was caught unlocking his iPhone with the passcode '000000' during his White House meeting with Donald Trump.

2. In second place is the US Department of Defense. An audit by the Government Accountability Office (GAO) found numerous cybersecurity vulnerabilities in several of the Pentagon's systems. Among the disturbing issues was that a GAO audit team was able to guess admin passwords in just nine seconds, as well as the discovery that software for multiple weapons systems was protected by default passwords that any member of the public could have found through a basic Google search.

3. As the value of cryptocurrencies reached record levels at the beginning of the year, scores of crypto owners had the potential to cash out -- if they could remember their passwords. The news was full of reports of people resorting to desperate measures (including hiring hypnotists) to attempt to recover/remember the forgotten passwords to their digital wallets.

4. Food brand Nutella came under fire for giving some nutty password advice as the beloved hazelnut-and-chocolate spread company encouraged its Twitter followers to use 'Nutella' as their password. Worse still, the company sent out the ill-advised tweet on World Password Day.

5. Researchers in the UK found over one million corporate email and password combinations from 500 of the country’s top law firms available on the dark web. Making matters worse, most of the credentials were stored in plaintext.

6. The state of Texas left over 14 million voter records exposed on a server that wasn't password protected. This blunder meant that sensitive personal information from 77 percent of the state’s registered voters, including addresses and voter history, was left vulnerable.

7. A White House staffer made the mistake of writing down his email login and password on official White House stationery. This mistake was exacerbated by his accidentally leaving the document at a Washington, D.C. bus stop.

8. Google takes eighth place in the list as an engineering student from Kerala, India hacked one of its pages and got access to a TV broadcast satellite. The student didn't even need to guess or hack credentials -- he logged in to the Google admin pages on his mobile device in using a blank username and password.

9. United Nations staff were using Trello, Jira, and Google Docs to collaborate on projects, but they forgot to password protect many of their documents. This meant anyone with the correct link could access secret plans, international communications, and plain text passwords.

10. Tenth place goes to prestigious seat of learning the University of Cambridge. A plain text password left on GitHub allowed anyone to access the data of millions of people being studied by the university's researchers. The data was being extracted from the Facebook quiz app myPersonality and contained the personal details of Facebook users, including intimate answers to psychological tests.

2018 password fails

7 Responses to 2018's worst password fails revealed

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.