Are you following these password blunders?

From leaving passwords written on sticky notes laying around to using simple passwords to not using proper technology to secure client data, employees and companies still have much to learn about data security, according to a recent report. And with new research showing that cyber incidents are the top global risk for businesses, the blunders highlighted are a lesson in securing personal, corporate and client data.

Dashlane, a credential management company that stores and manage passwords through a desktop or mobile app, recounted the biggest mistakes companies and people made over the last year when it came to securing various accounts via a password in its annual Worst Password Offenders list.

Its top offender was Facebook, which made two critical mistakes from which all companies can learn. The company admitted that it not only exposed passwords of hundreds of millions of users internally to its employees, it also breached user privacy by asking for the email passwords of new users and harvesting contacts without consent. Facebook also violated security best practices by storing account passwords in its internal data storage system for years in plain text.

The tech giant then left a server unprotected – meaning, without a password – leaving 400 million users’ phone numbers and record exposed.

Facebook’s series of security blunders kept Google in second place for the year as the company admitted that it, similarly to Facebook, had stored passwords as plain text … since 2005.

Some of the worst mistakes weren’t done by corporations, according to Dashlane, as people were also inadvertently exposing their own passwords. Their mistakes are also a lesson for many others.

For example, how many people in your office have a password on a sticky note attached to their computer or desk that anyone walking by could see? Dashlane called out actress Lisa Kudrow who posted a photo of an article about an upcoming role. But included in the photo was a password written on a sticky note attached to her computer monitor.

Simple passwords continue to be a thorn in the side of security experts. U.S. Congressman Lance Gooden was caught on camera unlocking his phone with the code “777777.” Talk show host Ellen DeGeneres admitted that her password skills were lacking following a hack of her Instagram account. She was using the password “password.”

Dashlane recommends the following tips to secure accounts:

• Use a different password for every account. “Password reuse is an epidemic. Repeating the same password across your accounts is a lot like using the same key for your house or your car,” the company said.
• Use two-factor identification. It adds an extra layer of security by using two of three verification methods, such as your password, biometrics and a smart card.