Twitter and Zoom among companies bad at password protection in 2020, says Dashlane

Dashlane, the password manager, likes to end the year with buckets of coal for companies that haven't done a good job keeping our passwords safe.

Twitter and Zoom top its annual list of the worst password offenders.

Both companies, notes Dashlane, "allowed their employees and users to fall victim to cyber attacks by using weak passwords."

A look at Dashlane's fifth annual list of the Worst Password Offenders:

Twitter: One day in July, 130 verified accounts belonging to Barack Obama, Elon Musk, Bill Gates, Joe Biden and others began to post Bitcoin scams because, as it turned out, a small number of Twitter employees fell victim to a phishing attack. Twitter responded by having its employees change their passwords, which, Dashlane notes, should have happened earlier, not later.

Zoom: The video meeting app, which Apple says was the most downloaded iPhone and iPad app of the year, saw half a million Zoom credentials posted for sale on the Dark Web in April. "Hackers used several ways in, including credential stuffing and deployment of multiple bots, to capitalize on Zoomers’ weak and re-used passwords, potentially compromising more of these users’ accounts across the web," says Dashlane, which throws in a friendly reminder that strong and unique passwords are your best friend.

EasyJet: The UK-based budget airline suffered a cyberattack that compromised 9 million EasyJet travelers’ emails and itineraries, with over 2,000 customers’ credit card details breached. "EasyJet told the BBC that they became aware of the hack in January, though customers whose payment details were snagged weren’t notified by the company until April," Dashlane notes.

Marriott: Starwood, the parent company of the Marriott megachain, was still recovering from a 2018 data breach when another 5.2 million Marriott guests were involved in a January hack. The culprit? Compromised Marriott employee login credentials.

Zoosk: The dating app fell victim to a May cyberattack compromising over 200 million user records, including personal information like gender and date of birth.

Robinhood: The app for buying stocks with lower commissions saw customers' accounts hacked in October. The company told CNN that hackers got to personal email accounts outside of the app and from there were able to gain access to their accounts. Bloomberg reported that it was as many as 2,000 accounts.

In these cases, it was the companies that let us down, Dashlane says, but users themselves need to be more diligent with passwords, too. The company says the average internet user has over 200 digital accounts that require passwords, a figure projected to double to 400 in the next five years.

Password tips

Use random and different passwords for every account. "Repeating the same password across your accounts is a lot like using the same key for your house or your car. If someone gets a hold of those keys, they now have access to everything you want to keep safe," Dashlane says. It only takes one bad password for a hacker to get your information, and if they got that one, they can use the same bad password to keep exploring.

Dashlane, along with many others, recommends turning on two-factor authentication, a process that essentially makes you sign in twice and gives you double protection against a hack attempt.

Follow USA TODAY's Jefferson Graham (@jeffersongraham) on Twitter

This article originally appeared on USA TODAY: Worst password abusers of 2020 include Twitter and Zoom, says Dashlane