With 2018 drawing to a close, password manager Dashlane announced its annual list of “Worst Password Offenders.” A diverse group of individuals, government organizations, companies, and academic institutions topped Dashlane’s list.

Here are a few of the most infamous or most concerning password blunders in 2018:

  • 1: “Kanye West: Kanye is no stranger to controversy and attained even more notoriety this year when he was captured unlocking his iPhone with the passcode ‘000000’ during his infamous meeting at the White House. Having a weak passcode is risky enough, but brazenly flaunting poor password practices in a room full of TV cameras is as bad as it gets. To put it gently, Kanye needs to lock down his passwords and make them better, faster, stronger.”
  • 2: “The Pentagon: It’s a shame that the Department of Defense holds the #2 spot this year (up two spots from #4 in last year’s list), but a devastating audit by the Government Accountability Office (GAO) found numerous cybersecurity vulnerabilities in several of the Pentagon’s systems. Among the disturbing issues was that a GAO audit team was able to guess admin passwords in just nine seconds, as well as the discovery that software for multiple weapons systems was protected by default passwords that any member of the public could have found through a basic Google search.”
  • 6: “Texas: Everything is bigger in Texas, including the cybersecurity gaffes. The Lone Star State left over 14 million voter records exposed on a server that wasn’t password protected. This blunder meant that sensitive personal information from 77 percent of the state’s registered voters, including addresses and voter history, was left vulnerable.”
  • 7: “White House Staff: Last year, two White House officials made our list: President Trump took the (un)coveted title of 2017’s Worst Password Offender for a variety of poor cybersecurity habits, while Sean Spicer was included for tweeting his password. This year they passed the baton to another staffer who made the mistake of writing down his email login and password on official White House stationery. This mistake was exacerbated as he accidentally left the document at a Washington, D.C. bus stop.”

While the list may provide some chuckles (looking at y000000u, Kanye), Dashlane stressed that password security is essential for cybersecurity.

“Passwords are the first line of defense against cyberattacks,” said Emmanuel Schalit, CEO of Dashlane. “Weak passwords, reused passwords, and poor organizational password management can easily put sensitive information at risk.”

Unfortunately, the likelihood of poor password hygiene is growing. Dashlane found that the average internet user has 200 digital accounts that require a password, a figure it expects to grow to 400 accounts in the next five years.

Dashlane did offer up some tips to avoid landing on its 2019 Worst Password Offender list:

  • “Password protect all accounts: Whether it’s a server, email account, or an app, you should always secure your data with passwords as they’re the first, and often only, line of defense between hackers and your personal information.
  • Use strong passwords: Never use passwords that are easy to guess or that contain names, proper nouns, or things people can easily research about you—like your favorite hazelnut spread! All your passwords should be longer than eight characters and include a mix of random letters, numbers, and symbols. Even better, use a password generator to come up with them for you.
  • Never reuse passwords: Every one of your accounts needs a unique password. The risk in password reuse is that hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have a different password for every account.”
Kate Polit is MeriTalk's Assistant Copy & Production Editor covering the intersection of government and technology.