Top 10 Worst Places to Store a Password

Nick Santora

Sharing and reusing passwords is one of the easiest ways hackers can gain access to your online accounts. A recent data breach at a water treatment plant in Florida, where a hacker attempted to poison the water supply, happened because the facility’s computers shared the same password for remote access.

Throughout my career in cyber security, I’ve heard some pretty wild stories about places people keep their passwords. So I asked the online community on LinkedIn and Spiceworks to share their wildest answers for the best place to store a password.

The response we received was overwhelming, with IT, information security (infosec), and cyber security professionals chiming in to share their jokes and some real-life horror stories. Our team rounded up the best answers of where NOT to store your password. Enjoy!

Here are the top 10 worst places to store a password

1. Make the password the same as your username

Our new Support Engineer at Curricula, Dale, had a great answer

2. Tattoo your password, then update it frequently

Tattooing your password was a surprisingly common (and funny) answer

3. Temporary tattoos also could work

4. Featured in the background of a video call

With so many video calls, watch out for what’s in your background

5. Store your password in a public directory

Big engineering slip committing your password to GitHub #fail

6. Put your password on a sticky note

Seriously, this still happens.

7. Share your password with a friend

It’s good to have friends, if you can trust them

8. If you don’t have friends, just tell your neighbor, or your AI, your password

People really had fun with this one

9. The Nigerian Prince is always a good choice

At least they used upper & lower case, plus numbers and a special character

10. If all else fails, put it on your favorite mug

Just make sure it’s dishwasher safe

Terry also said that if you are using a 2FA solution that pops up a yes/no prompt on your phone, don’t respond ‘Yes’ unless you are actively trying to log in. “I have friends that are part of a red team and they are getting past 2FA prompts on a fairly frequent basis because people just approve the login,” Terry explained.

These responses were hilarious, but the reality of the situation is not: password sharing and reuse are just some of the many ways hackers can gain access to your online accounts.

The importance of using two-factor authentication (2FA) or multi-factor authentication (MFA) cannot be overstated. With multi-factor authentication turned on, a hacker will have an extremely difficult time trying to access your account with just your password.

You’re in full control of making strong and unique passwords for your online accounts. Together, we can keep your sensitive information protected by not reusing passwords… and still have a few laughs.

At Curricula, we’re on a mission to make cyber security awareness training fun. Our story-themed episodes explore security topics such as how to create strong passwords, why you shouldn’t reuse passwords, phishing, social engineering, and so much more. Check out an episode and see for yourself how fun learning with Curricula can be.
