Yesterday was World Password Day and someone’s got to say it – passwords are the worst. Unless you literally created a brand-new, unique password within the last few minutes – one that you’ve never used before – odds are, your password has been breached.
We’re all sick of coming up with and remembering strong passwords, of password managers, and worst of all, of “Forgot My Password”. As much disdain as the general public has for passwords, a select few people have reason to hate them even more than the rest of us.
These are some of those people:
Stefan Thomas
When German programmer and former Ripple CTO Stefan Thomas was paid 7,002 BTC in 2011, it wasn’t worth much. But just to be safe, he locked the currency away in a digital wallet and placed his password in an IronKey — a notoriously impenetrable, military-grade USB equipped with a single password-protected point of access that self-destructs after ten attempts.
In 2024, the value of Thomas’ 7,002 BTC has skyrocketed to approximately $407M, and with the credentials to access all that money safe and sound within the IronKey, he doesn’t have to worry about anyone stealing it.
Unfortunately, Thomas forgot the password, and to this day, no person or AI has ever succeeded in overriding it. All those years ago, Thomas unwittingly locked up $407M and threw away the key. We can only assume he would not be amused by that metaphor.
Andrew Witty
Andrew Witty was knighted for services to the U.K. economy, was named an honorary citizen by Singapore for his contributions to the country’s growth and development, and has earned honorary degrees from Exeter, Manchester and Nottingham Universities. And now, Andrew Witty hates passwords.
It all started when Witty became CEO of $453.57 billion health insurance giant United Healthcare Group in 2021. Unfortunately, for all the work he’s presumably done as CEO in the last two-and-a-half years, Witty neglected to enact best security practices within the organization. Consequently, in a March 2024 breach attributed to a total lack of MFA being enabled or enforced within the organization, hackers accessed United’s digital environment and stole the personal data of roughly 1/3 of all Americans.
United Healthcare Group has reported $872M in costs associated with the attack, and there’s only one man to blame. It’s safe to say that 2024 is not Andrew Witty’s year.
Unnamed Colonial Pipeline Employee
(We don’t know the name of the employee responsible for this password oopsie, but if we were them, we’d want to remain anonymous too.)
Colonial Pipeline Company provides gasoline, diesel, jet fuel, and heating oil for more than 50 million Americans on a system that includes 5,500 miles of pipeline, as well as tank farms, terminals, and other critical energy infrastructure across 14 states. (CPC 2024)
On May 7, 2021, the company fell victim to a hacking incident now considered the largest publicly disclosed cyberattack against critical infrastructure in US history. When the breach was detected, CPC froze operations, causing localized shortages of gasoline, diesel, and jet fuel and prompting a state of emergency in 17 states and a declaration from President Joe Biden.
When the smoke cleared, it was determined that CPC’s systems were breached by way of compromised credentials. The culprit: one anonymous employee who used the same password across multiple accounts. Yikes.
I don’t know about you, but all three of those anecdotes were enough to make me want to throw my laptop out the window. The odds of any of us ending up in Stefan Thomas’ shoes are low, but if you’ve ever used the same password for more than one account, you could find yourself in that one CPC employee’s position tomorrow. Now that’s scary to think about.
Luckily for everyone, the era of password protection is coming to a close. Now, organizations like ours (and yours) have the choice of giving passwords the finger (literally) and opting for passwordless authentication methods like biometrics.
So if any of these password horror stories made you want to throw your computer out the window too, or even just cringe a little, it’s time to explore passwordless.