Dashlane is handing out some Worst Password Awards in an effort to raise more awareness about password best practices. The organization is best known for its annual list of Worst Password Offenders, though this is the first time that Dashlane has handed out mid-year prizes.
This year’s crop of ‘winners’ includes SolarWinds, Verkada, and any Bitcoin users who forgot the password to their Bitcoin wallets (one particular user has famously forgotten the password to a wallet with more than $220 million worth of Bitcoin, all of which will become permanently inaccessible if he cannot guess the password in his next two tries). The Bitcoin users collectively received the award for ‘Most Likely to Win the Lottery and Lose the Ticket.’
SolarWinds, meanwhile, took the prize for ‘Worst Internship.’ The company was the victim of a high-profile security breach, and it was later revealed that hackers were able to gain access to the company’s systems when they guessed an intern’s password (the password in question was the extremely vulnerable solarwinds123).
Verkada experienced a similar event, insofar as a hacker was able to get in using a username and password found elsewhere on the internet. The lax security practices garnered the award for the ‘Most Avoidable’ password incident. Dashlane also called attention to a successful phishing attack against the California State Controller’s Office, and a hack of a Florida water plant in which the perpetrators tried to poison the state’s water supply.
Dashlane went on to detail some of the steps that organizations and individuals can take to mitigate the risk of data breaches. Most notably, they recommended the use of password managers and two-factor authentication, and stressed that people should never use the same password twice. The company also encouraged people to sign up for its Breach Center, which gives users an advance warning when their credentials turn up on the Dark Web.
“Passwords are a human problem even more than a technology one, and despite the risks, it can be hard to get people to change their behaviors,” said Dashlane CEO JD Sherman. “That’s why everybody should use a password manager like Dashlane—it’s an easy-to-use tool to manage and eliminate security risks proactively for both people and businesses.”
Dashlane is not the only company trying to warn people about the risks associated with passwords. Ivanti and Entrust have both noted that many employees failed to update their security practices while working remotely during the pandemic.