The credential management company (and FIDO Alliance member) Dashlane is once again calling attention to bad password practices with the release of its fourth annual “Worst Password Offenders” list. The list identifies individuals and organizations that made particularly high-profile password mistakes at some point in 2019.
Some of the blunders are attributable to basic human error, and are even somewhat relatable. For instance, Friends star Lisa Kudrow shared an Instagram photo that had her password on a Post-it in the background, while Congressman Lance Gooden was caught using “777777” as the passcode on his phone.
Though amusing, those kinds of mistakes are relatively common, and do point to a concerning trend. Even with a robust security system, a bad password is always vulnerable. Developing better habits is one of the easiest ways to improve security at the personal level. That’s why Dashlane advises a different password for every account and some form of two-factor authentication, whether it’s a PIN, a hardware token, or biometric authentication.
However, Dashlane does have some sympathy for the individual consumer, noting that the average Internet denizen now has more than 200 accounts that require the use of a password. That can be an overwhelming mental burden, especially since that number is expected to climb past 400 in the next five years. Dashlane recommends the use of a password manager to relieve some of the strain.
Unfortunately, some of the other entries on the list are far less forgivable. Facebook and Google both stored user passwords in plaintext, and Facebook went a step further, storing personal information on an unprotected server and harvesting user data without securing the proper consent. As tech experts, Google and Facebook should know better, and their errors are egregious given their responsibility to their respective user bases.
WeWork, Elsevier, and Virgin Media made the list for similar missteps in 2019, though they were hardly the only offenders. The broader takeaway is that far too many people still exhibit bad password behavior, providing a bookend for a Yubico report that was released at the beginning of the year. People’s personal information will still be at risk until organizations and individuals take a more proactive approach to internet security.