The Lockdown

Thycotic’s Cyber Security Blog

World Password Day 2019: The 6 Worst Password Fails

Written by Jordan True

April 30th, 2019

We’ve covered a lot of password security tips and ways to secure your credentials on The Lockdown. For World Password Day 2019 we thought we’d do things a bit differently and share some of the worst password fails this past year.  While these organizations and individuals may not appreciate the extra attention, these password fails all drive awareness and serve as a reminder to improve your own password security. Without further ado, let’s see our top contenders.

A 2018 Credit Karma report found more than 105 million American adults have a password that could be found on the dark web. That’s 42% of the U.S. population.

Facebook’s Million-Plain-Text-Passwords-Exposed Face Plant

Facebook announced earlier this year that they found 200 to 600 million Facebook account passwords dating back to 2012 exposed in plain text and available to more than 20,000 Facebook employees. Our CTO covers the full story here.

Nutella’s Sweet Mistake

Last year Nutella celebrated World Password Day on Twitter with the worst advice possible, “Choose a word that’s already in your heart.”

A real Nutella lover never forgets his password

Twitter users weren’t impressed and took to the comment sections to share their thoughts:

Nutella bad password advice

Elsevier Exposed

Elsevier, a leader in analytics and science, left a server openly accessible from the internet, exposing what Motherboard described as a “rolling list of passwords”. A researcher saw the list of Elsevier passwords and contacted Elsevier immediately. Elsevier responded that the issue was resolved and that they were still investigating, but that “it appears that a server was misconfigured due to human error.”

Lights Out for LIFX Smart Bulbs

Earlier this year, hacker “LimitedResults” shared how smart LIFX light bulbs can be used to expose anything from Wi-Fi passwords to root certificates. LimitedResults purchased a bulb and downloaded the accompanying app on his Android device where he proceeded to set up his Wi-Fi connection. Once linked, he took apart the bulb using a saw to expose the hardware within. Once inside, he found the ESP32D0WDQ6 system-on-chip (SoC) and fused the board to connect the LIFX hardware. Once connected, he was able to see the plain text Wi-Fi passwords within the SoC’s memory.

Reddit, Wikipedia, and Amazon Still Encourage Poor Passwords

You’d think these tech giants would be at the forefront of cyber security, but unfortunately a research project at the University of Plymouth has monitored their password security habits for the last 11 years and revealed they are still accepting poor passwords. This is incredibly alarming as it perpetuates the use of weak passwords. Nearly every common password was accepted, which included “repeats of the username, the user’s own name and, of course, the all-time classic, ‘password’.”
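Here is what rejecting those three kinds of password at sign-up can look like. This is an added example, not code from the Plymouth study or from any of the sites named; the blocklist entries, the 8-character minimum, the function names and the sample user are all assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample blocklist; a real deployment would load a large list of
# breached and commonly used passwords instead of these few entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Undo common character substitutions ("P@ssw0rd" -> "password").
LEET = str.maketrans("013457@$!", "oieastasi")


def _norm(text):
    """Lowercase, strip accents and trailing digits/symbols, undo substitutions."""
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode().lower()
    core = re.sub(r"[\d\W_]+$", "", text) or text  # "password1!" -> "password"
    return re.sub(r"[^a-z0-9]", "", core.translate(LEET))


BLOCKLIST = {_norm(p) for p in COMMON_PASSWORDS}


def password_problems(password, username, full_name=""):
    """Return the reasons to reject `password`; an empty list means accept."""
    problems = []
    pw = _norm(password)
    if len(password) < 8:  # minimum length is an assumed policy value
        problems.append("too short")
    if pw in BLOCKLIST:
        problems.append("common password")
    user = _norm(username)
    if len(user) >= 3 and user in pw:  # covers "alice" and "alicealice"
        problems.append("contains username")
    for part in full_name.split():
        name = _norm(part)
        if len(name) >= 3 and name in pw:
            problems.append("contains own name")
            break
    return problems


if __name__ == "__main__":
    # Constructed sign-up attempts for a hypothetical user.
    for candidate in ["password", "P@ssw0rd!", "Bookworm77Bookworm77",
                      "J4ne-2019!", "correct horse battery staple"]:
        print(candidate, "->", password_problems(candidate, "bookworm77", "Jane Doe") or "ok")
```

Normalizing before comparing is what catches the dressed-up variants: “P@ssw0rd!” and “J4ne-2019!” fail the same checks as “password” and “jane”.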

A 3 Year Old’s 50 Year Password Mistake

Imagine walking up to your iPad to find your toddler has locked you out of your device for 25,536,442 minutes. This became a reality for Evan Osnos this year when he discovered his toddler had repeatedly attempted to unlock his iPad.

3-year old tries to unlock iPad and disables device

His post received a lot of attention and some password humor:

iPad password advice

Eventually, Evan was able to log back in but only after completely wiping his iPad.

Are you updating your password right now? This isn’t a problem you can afford to ignore. Take the time to create a complex, unique string of characters for each account, set up 2-factor authentication, and get a password manager to protect your accounts! Need more proof? Here’s how quickly cyber criminals can crack your password using dictionary searches and brute-force attacks.

This World Password Day 2019 let’s hope there will be one less “password fail” to learn from.  Let these lessons be a wake-up call for you to update your own password practices. Do you have any password fail stories or password jokes? Share them in the comments below.


Jordan True

Jordan is a social media strategist, digital community manager and a lover of all things IT. She currently manages the Social Media Program at Thycotic and loves to connect with technology communities online and at enterprise IT events. Addicted to the outdoors, you can find Jordan on the running trails in her free time or sharing the latest InfoSec buzz on Twitter @ThycoticJordan.