By Davey Winder,
Senior Contributor.
As the world looked on, news emerged that the Louvre museum of art in Paris, France, was robbed of more than $100 million of jewels in broad daylight, during opening hours. The theft itself was audacious, no doubt about it. Reckless and risky could also apply to something else, something that’s right up my security street. The choice of password to protect the Louvre’s video surveillance system was, yes, Louvre. But if you thought that password security couldn’t get any weaker than that, you’d be wrong. A newly published list of truly dumb passwords has 100 examples that show just how stupid some security measures can be.
Hackers will go to any lengths to get their hands on your passwords, be that by carefully constructed attacks against iPhone users, smartly humanized credential-stealing malware aimed at Android users, or even phishing scams aimed at relieving folk savvy enough to use a password manager, LastPass in this case, of their master passwords. But why bother with all that nonsense when you can just go and pick a password out of a long list of 183 million stolen credentials, following the publication of infostealer logs?
Such lists make credential-stuffing attacks, where a threat actor simply tries known passwords against accounts associated with the connected email addresses, easy peasy. Especially if those users have committed the cardinal security sin of reusing the same passwords across accounts and services, and that, dear reader, is where the 100 reasons that Louvre is far from the dumbest password ever come roaring into view.









