It turns out
, Nutella and Texas all have something in common: They're apparently all terrible with passwords.
Password managing app Dashlane released its annual list of the "worst password offenders" on Wednesday. This year's list includes high-profile names and organizations like
, the White House and the Pentagon.
"Passwords are the first line of defense against cyberattacks," Dashlane CEO Emmanuel Schalit said in a release. "Weak passwords, reused passwords, and poor organizational password management can easily put sensitive information at risk."
The average internet user has more than 200 accounts requiring a password, Dashlane said. The company expects that number to double in the next five years, meaning everyone could be at risk of repeating the same mistakes as the password offenders, Schalit said.
Here are Dashlane's top 10 password offenders for 2018, starting with the worst:
- Kanye West: During an October meeting with president Donald Trump, Kanye West whipped out his iPhone and unlocked it using the not-so-clever passcode 000000. That's probably not the most secure combination, and it doesn't help that he unlocked the phone in front of several cameras.
- The Pentagon: You may be surprised (and perhaps disappointed) to see the Pentagon on this list. An audit by the Government Accountability Office released in October found several vulnerabilities in the Pentagon's systems. For example, the audit team was able to guess admin passwords in nine seconds.
- Cryptocurrency owners: Apparently, people who own cryptocurrency had a hard time remembering the passwords to their digital wallets, according to Dashlane.
- Nutella: Maybe don't take password advice from a company that makes hazelnut spread? Nutella came under fire on World Password Day after encouraging its Twitter followers to make "Nutella" their password.
- UK law firms: Researchers reportedly found that more than 1 million corporate email and password combinations from 500 UK law firms were available on the dark web.
- Texas: More than 14 million voter records with personal information were reportedly found on a server that wasn't password protected.
- White House staff: A staffer reportedly wrote his email login and password on official White House stationery, then left it at a bus stop. Oops.
- Google: Yes, even Google made it onto the list. An engineering student from Kerala, India, reportedly hacked one of the company's pages and accessed a TV broadcast satellite. To log in to the Google admin pages from his phone, he simply used a blank username and password.
- United Nations: UN staff using Trello, Jira, and Google Docs reportedly forgot to password-protect some of their documents. That gave anyone with the right link access to secret plans, international communications and plaintext passwords.
- University of Cambridge: A plaintext password was reportedly left on GitHub, allowing anyone access to the data of millions of people who were being studied by the university's researchers. That data was pulled from a Facebook quiz app called myPersonality.