Why You Shouldn't Make Fun of Mark Zuckerberg's Password

Mark Zuckerberg suffered a major breach of privacy on June 5 when hackers gained access to his personal social media accounts. 

Many people criticized the Facebook CEO’s simple password — “dadada” — as well as the fact he reused the same password across multiple services. 

While Zuckerberg’s choices may not follow experts’ recommended security practices, they reflect the norms of cybersecurity more than an extreme case of negligence. If anything, the revelation should prompt the general public and businesses to take a look in the mirror and evaluate their own cybersecurity hygiene. 

Suffice it to say, Mark Zuckerberg isn’t alone in his poor password choices. 

Analysis of 11 million passwords shows that “dadada” is actually par for the course. A look at the top five most popular passwords shows “123456,” “12345” and “1234” making the list. 

These 20 passwords constitute 10.3 percent of all passwords in use. That means with fewer than 20 tries, anyone could login to roughly one out of 10 accounts today. The top password,“123456,” compromises 4.1 percent of all passwords. “Dadada” starts to look tough in comparison.

Mark Zuckerberg reportedly used the same password for his LinkedIn, Twitter and Pinterest accounts, which the hackers reportedly found online following the 2012 LinkedIn breach. In other words, one leaked password led to three hacked accounts. 

Research from University of Cambridge professor Joseph Bonneau indicates 31 percent of people reuse passwords for multiple services. A third of internet users could fall victim to the same fate as Zuckerberg. And consider this: the average person uses 28 distinct cloud services today — and that number shows no signs of going down.

Hacking social media accounts can damage reputation, but at least no sensitive information was lost. People upload much more than to-do lists and vacation photos to cloud applications. 

Thirty-four percent of employees upload sensitive data including personally identifiable information (e.g. Social Security numbers, home addresses), health information (e.g. patient records), or payment card data to file sharing apps. Twenty-one percent of all files in file-sharing services contain sensitive data. 

If a hacker can steal a password, chances are high they can access some form of sensitive information. 

Learning Opportunities

Webinar

Mar

29

The CX Commute vs. the CX Joy Ride

Is your CX traffic holding up your customer's journey?

Webinar

Mar

29

Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost

See why MIcrosoft recommends third party backup

Webinar

Mar

30

An Optimized Customer Contact Strategy Combines Transparency and Intelligence: The State of Outbound Communications

Learn from the Neustar-commissioned Forrester Consulting study on challenges and solutions for contact centers

Webinar

Apr

5

Adopt a Modern Digital-First Marketing Strategy

Learn how to use a composable DXP to your advantage

Webinar

Apr

13

Accelerating Content Velocity Across the Digital Supply Chain

Learn to integrate DAM with upstream tools to improve workflow efficiency.

Webinar

Apr

13

Composable Commerce The Future of Retail

The Adobe Commerce approach to composable and why it's best in class

Webinar

Mar

29

The CX Commute vs. the CX Joy Ride

Is your CX traffic holding up your customer's journey?

Webinar

Mar

29

Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost

See why MIcrosoft recommends third party backup

Webinar

Mar

29

The CX Commute vs. the CX Joy Ride

Is your CX traffic holding up your customer's journey?

Webinar

Mar

29

Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost

See why MIcrosoft recommends third party backup

Webinar

Mar

30

An Optimized Customer Contact Strategy Combines Transparency and Intelligence: The State of Outbound Communications

Learn from the Neustar-commissioned Forrester Consulting study on challenges and solutions for contact centers

Webinar

Mar

29

The CX Commute vs. the CX Joy Ride

Is your CX traffic holding up your customer's journey?

View all

The average internet user may not be aware of the substantial threats to weak security practices. The service provider carries some of the responsibility to educate users on how to protect themselves. 

Yet out of over 12,000 cloud services on the market, only 6.5 percent require strong passwords with a combination of upper-case letters, lower-case letters, numbers and symbols. Another 13.6 percent require moderate passwords, and the vast majority — 79.9 percent — allow weak passwords that are the most vulnerable to compromise.  

Static passwords have proven to be a point of failure in a number of personal and company-wide data breaches. If we are to learn anything from these failures, it’s that good security and multi-factor authentication go hand in hand. 

Application service providers lag behind on this crucial feature. Today, only 15.4 percent of cloud services offer multi-factor authentication. 

At the end of the day, a password only provides one line of defense in the fight to keep data safe online — and it is a battle. A weak password certainly makes it easier for hackers to gain access to your information, but to keep data safe you need to practice overall solid security hygiene. 

Using multi-factor authentication, updating old software and looking out for phishing attempts all go a long way to keeping safe online. The hacker who broke into the controversial software company Hacking Team admitted that he only shared his victim’s weak password online as a red herring, since he had infiltrated the company so thoroughly that his key logger could have stolen any password. 

Title image "laughs" (CC BY-SA 2.0) by  marc kjerland 

Learn how you can join our contributor community.