Trump, Google, United Nations are among 2018's worst password offenders

Some of the biggest names in politics and tech are responsible for this year's worst security gaffes.
Written by Charlie Osborne, Contributing Writer

US President Trump, the United Nations, and Google have all earned themselves a position as some of the worst password offenders over 2018.

Weak passcodes, the use of terrible passwords -- such as "123456" or "QWERTY" --and a failure to change your account credentials on a regular basis have all, for years, been cautioned against for the sake of security.

Brute-force attacks, in which hackers operate simple software able to automatically crack weak credentials, social engineering, and phishing emails are common ways to attempt to break into an account. The simpler the password, the easier it is to break.

Now, many online services will require users to choose complex passwords including a mixture of numbers, letters, and characters, and organizations often offer two-factor authentication (2FA) to create an additional layer of security for our accounts.

However, "do as we say and not as we do" also seems to be in effect, with the very companies promoting better account security failing to follow their own advice.

In addition, some individuals in the public sphere appear to simply be ignoring every warning relating to account security today.

This week, researchers from Dashlane released a list of what the password management software firm believes is the worst cases of lax security and poor password management over the course of 2018.

First up is Kanye West, who made headlines when the musician unlocked his iPhone at the White House with Trump and eagle-eyed watchers noticed his passcode was "000000."

These are the worst hacks, cyberattacks, and data breaches of 2018

TechRepublic: 15 skills you need to be a whitehat hacker and make up to $145K per year

While you may not expect this controversial character to necessarily take cybersecurity seriously, you would think that government officials would do so.

Not when it comes to the Pentagon, it seems, after an audit conducted by the Government Accountability Office (GAO) found that the majority of weapons systems controlled by the organization could be compromised and hijacked using simple tools and methods.

Software for some of this weaponry was protected with default passwords easily found and publicly accessible via search engines.

Trump has caused White House officials a headache for years when it comes to a rather lackadaisical approach to mobile security and Twitter, and after topping last year's list as the worst password offender of 2017, the US president remains on the list.

However, other members of the White House are also present this year. A staff member not only wrote down his email login and password on White House stationery but then proceeded to leave the document at a bus stop for the world to see.

See also: Former Mt. Gox CEO could face 10 years behind bars in embezzlement case

US security officials are not the only ones who need to brush up on basic security. This year, the United Nations accidentally published internal documents, passwords, and documents relating to websites for anyone online to access with a simple link.

Nutella felt the heat this year, too, after celebrating World Password Day by offering ridiculous advice:


Google has generally been a promoter of strong account security in the past, but a series of mishaps this year -- such as security flaws which accelerated the closure of Google+ -- have somewhat tarnished this reputation.

Perhaps the worst example of Google's failures in security this year, however, is the case of a student from India who was reportedly able to break into a Google TV broadcast satellite simply by clicking "log in" -- no password required.

CNET: Iran-linked hackers reportedly targeted activists and US officials

Two other examples of note are the exposure of voting records belonging to almost 15 million Texas residents, left unsecured and online, and the leak of personality and psychology profile data collected from millions of Facebook users by researchers.

There are countless examples of security failures out there, and until people listen and implement basic security hygiene -- especially in a time when data breaches are rampant -- accounts will remain at risk.

Passwords should be complex, changed frequently, and whenever possible, 2FA helps. To keep an eye on whether or not your information has been leaked, the HaveIBeenPwned search engine is also a valuable tool.

Affordable: Top tech, gadgets for under $100

Previous and related coverage

Editorial standards