10. People named Ashley
Your password should never be a single, easily-guessed word, especially one that's traceable to your identity — for that reason, using a first name as a password is a huge mistake, security-wise.
That didn't stop 432,276 people from using "Ashley" as their password, according to a study published by the UK National Cyber Security Centre in April. "Ashley" was the most common name password, followed by "Michael," "Daniel," and "Jessica."
9. Ellen DeGeneres
The "Ellen" host's official Instagram account was hacked in August, and hackers used it to promote fake giveaways, according to Deadline. In a possibly-joking tweet, DeGeneres wrote that hackers likely guessed her account password, which was "password."
My Instagram account was hacked last night (despite my clever password “password”). We apologize, and we thank everyone who brought it to our attention. I’m going back to sleep now.
— Ellen DeGeneres (@TheEllenShow) August 23, 20198. Shenzen i365 GPS Tracker
More than 600,000 GPS trackers sold by the Chinese company Shenzen i365 on Amazon had major security vulnerabilities, Avast found. The GPS trackers were marketed to parents to keep track on their kids, but all the trackers came with a default password "123456" — any hackers who could guess the password could remotely log into users devices and lock owners out.
7. Virgin Media
When a cybersecurity researcher was trying to reset his Virgin Media password earlier this year, he found that Virgin sent his password in plain text via email — a startlingly unsecure way to communicate passwords without encryption. After he notified Virgin of the vulnerability on Twitter, Virgin's official Twitter account responded with a Tweet that seemed to brush off the complaint:
"Yes, because criminals don't break laws, right?" Matthew Hughes quipped in The Next Web. "By that logic, why should I lock my front door? After all, burglary is illegal."
Posting it to you is secure, as it's illegal to open someone else's mail. ^JGS
— Virgin Media (@virginmedia) August 17, 20196. Elsevier
A cybersecurity researcher found that Elsevier, which publishes scientific and medical journals, had stored people's usernames and passwords in plain text on an unprotected server on their website, meaning anyone who found the page could instantly access the passwords. The company told VICE that the exposure was due to human error and that it would notify all parties affected.
5. WeWork
The embattled real-estate startup reportedly used a single password for its entire global WiFi network, according to Fast Company. The outlet didn't disclose what the password was, but noted that it "has regularly appeared on lists of the worst passwords that anyone can possibly choose." WeWork reportedly declined Fast Company's request for comment.
4. Congressman Lance Gooden
During Mark Zuckerberg's testimony before the House of Representatives in October, footage from the chamber caught Texas Republican Lance Gooden entering his phone password, which appears to be "777777."
Gooden addressed the footage on Twitter, joking that he has the same password practices as Kanye West, who appeared to input "000000" as his iPhone password during a White House meeting with President Trump.
Change Passcode NowWatch and share Technology GIFs and Politics GIFs on Gfycat
Just another thing @kanyewest and I have in common. https://t.co/Vcffb2euxG
— Lance Gooden (@Lancegooden) October 24, 20193. Lisa Kudrow
The "Friends" star went mildly viral in May when she posted a selfie with her computer. The post was meant to show off a Deadline article about her next role, but included a sticky note featuring her password written in pen.
After fans pointed out the mistake, Kudrow removed the post, but later made a similar, joking post featuring a sticky note displaying her "new password."
2. Google
Google announced in May that it had stored some G Suite users' passwords in unencrypted plain text since 2005.
"'Accidents' like this have major implications for platforms and their users; breaches can go undetected for years, so you never know when an account might have been exposed," Dashlane wrote in its post naming Google the second-worst password offender of 2019.
At the time, Google apologized in a blog post for failing to "live up to our own standards."
1. Facebook
Dashlane cited three incidents that placed Facebook at the top of its "Worst Offenders" list: Facebook admitted to exposing hundreds of millions of passwords in March, and in April the company said it had harvested users' contacts without consent. Then, in September, Facebook admitted to a separate instance of exposing users' phone numbers.
"For a company under increasing scrutiny for how it handles (or mishandles) user data and security, it sure needs a poke in the ribs," Dashlane wrote.
