- Among the worst password offenders of 2018 are Google, which had an admin account hacked by a student using a blank username and password; the Pentagon, whose admin passwords were called out by the Government Accountability Office for being easily guessed; and the White House staff for poor password security habits, according to the Dashlane "World Password Offenders" of 2018 list.
- Rounding out poor password hygiene are cryptocurrency owners, who continue to forget passwords, thus end up unable to cash out on their crypto assets; Kanye West, whose "000000" phone password was the subject of national mockery earlier this year; and Nutella, whose chocolately goodness wasn't enough to make up for the poor password advice it doled out earlier this year.
- These people and organizations offer clear lessons for password protection, according to Dashlane: Use strong passwords, never reuse passwords and protect all accounts with a password.
Dual or multifactor authentication, password managers and biometric controls are all emerging as practices to compensate for users' poor security practices. But starting from the basics, and making sure "starwars" and "123456" aren't the go-to for end users, is the first step to holistic access management.
When users reuse credentials across personal and professional accounts, it creates a web of potential vulnerabilities — not to mention a massive headache for security teams.
Many organizations are looking far ahead to a password-less future, but in the meantime, network access controls are a crucial resiliency measure.
Whether through stolen credentials or a back door in the system, hackers almost always manage to find a way in. Businesses need to operate on the assumption that they will be breached, and put in place the resiliency and redundancy measure to deal with that case.