Lisa Kudrow and Ellen DeGeneres may be considered A-list celebrities, but they each deserve an “F” for their password blunders. Both stars made the list of top 10 worst password offenders in 2019, alongside big businesses like Facebook and Google, according to Dashlane data released on Tuesday.

SEE: Password managers: How and why to use them (free PDF) (TechRepublic)

Big tech companies have been at the forefront of privacy standards and concerns, with federal and state consumer privacy laws becoming a hot topic of conversation in 2019. Despite this, organizations still fail to uphold healthy cybersecurity-related practices when it comes to simple password security, the data found.

Top password offenders

Companies and employees are not the only users at fault for poor password security, however. To show how widespread password security malpractice is, Dashlane identified the following 10 worst password offenders of 2019, ranging from tech companies to congressmen and even celebrities. Their mistakes include repeated passwords, easily guessed passwords, faulty encryption, and more.

1. Facebook

Facebook had a big year for password security violations. In back-to-back incidents, Facebook exposed passwords belonging to hundreds of millions of users and breached user privacy by asking new users for their email passwords. Additionally, the social media giant admitted to storing account passwords in plaintext in its internal data storage systems and even left a server unprotected without a password, exposing millions of phone numbers.

2. Google

Google also admitted to “accidentally” storing G Suite enterprise user passwords in plaintext for 14 years. When passwords are in plaintext, cybercriminals can easily access user accounts and commit credit card fraud or identity theft, according to the report.

3. Lisa Kudrow

In one of the more humorous examples, Friends actress Lisa Kudrow posted a picture on Instagram of her computer monitor, which contained a Post-It with her password on it. Before putting anything on social media, users should make sure there isn’t any sensitive information in the frame.

4. Congressman Lance Gooden

During televised testimony from Mark Zuckerberg to the House Financial Services Committee, Republican representative Lance Gooden was captured on camera unlocking his phone with a “777777” passcode. Common iPhone passcodes have long been a problem, because hackers can steal information when easy passcodes are entered out in the open. Most smartphones have Face ID or Touch ID features, which should always be used in lieu of inputted passwords, according to ZDNet.

5. WeWork

WeWork came under fire last year for its insecure password practices for its global Wi-Fi network. Not only was WeWork’s weak Wi-Fi password apparently easy to hack, but multiple locations around the world had the same password, or no password at all, according to Fast Company.

6. Elsevier

Publishing company Elsevier left a server open to the public online, which exposed passwords and email addresses for users from educational institutions worldwide, as well as password reset links when users requested to change login credentials.

7. Virgin Media UK

Another big password blunder occurred with Virgin Media in the UK. When an ethical hacker forgot the login for his Virgin Media account and requested a password reset, he received his previous password by mail, showing that the company did not encrypt user passwords. While opening someone else’s mail is illegal, that doesn’t mean somebody wouldn’t do it, which would give them access to the ethical hacker’s account.

8. GPS Trackers by Shenzhen i365 Tech

While GPS trackers are designed to help parents keep track of and protect their children, more than half a million users were assigned the easy-to-guess default password of “123456” for their devices. Additionally, the same model had vulnerabilities that allowed third parties to either access the user’s microphone or fake a user’s location.

9. Ellen DeGeneres

While Ellen does give away many free gifts on her daily talk show, her hacked Instagram account claimed she was giving away 2,000 iPhones, 1,000 MacBooks, 900 Apple Watches, and 30 Tesla cars, as well as PlayStation and Xbox gift cards. While she brushed off the hack with a joke, security vulnerabilities are not a laughing matter.

10. Ashleys

The last offender on the list covers a wide range of people. According to a list released by the UK’s National Cyber Security Centre, the name Ashley was the highest-ranked first name among the top hacked passwords. With this in mind, Dashlane named anyone who uses Ashley as a password as the last offender on the list.

Don’t make the naughty list

With all of the holiday shopping happening this season, this is a particularly active time for users to be online. The report found the following three best practices for users to protect their passwords:

  • Use a different password for every account

One of the easiest ways to get an account hacked is by reusing the same password for all of your accounts, according to the report. One-quarter of employees said they still use the same password for every account, despite companies reinforcing the importance of changing passwords, an OpenVPN report found. The Dashlane report emphasized the importance of using unique, different passwords for each account.

  • Turn on two-factor authentication (2FA)

Another easy strategy to protect your accounts is to use two-factor authentication (2FA), which adds an extra layer of security by verifying your identity using an additional identifier. These identifiers could include a PIN, zip code, text message, biometric scan, or additional device like a smartphone.


  • Use a password manager

Get rid of the Post-It note, the lists in your phone, or the notebook full of passwords; a password manager is one of the most secure ways to safely and easily manage complicated, unique passwords on an unlimited number of accounts. The managers are able to automatically log users into sites, while keeping passwords and information encrypted and safe.
