You Probably Have a Better Password Than The Louvre Did: Learn From Its Mistake

Is your password easily guessable? Is it, oh, I don’t know, maybe the name of the world-famous Paris museum you’re trying to protect?

The brazen theft of more than $100 million in jewels from the world-famous Louvre on Oct. 19 captured the world’s attention, for obvious reasons. As of Wednesday, French police have arrested seven suspects, but the jewels have not yet been recovered. Now reports show the Louvre has had security issues in the past, including one that wouldn’t pass the most basic cybersecurity test: The museum’s name itself, Louvre, may have been one of its passwords.

The French newspaper Libération reports that the French cybersecurity agency ANSSI audited the Louvre’s security in 2014 and 2015. The museum failed badly.

One part of the audit described unguarded rooftop access. That’s somewhat relevant today, since thieves reportedly used a truck-mounted electric ladder to reach a balcony and cut through window glass. Not quite the roof, but apparently equally unguarded. 

The audit also said the museum’s security software at the time was running on Windows Server 2003, which was set to lose support from Microsoft at that time, more than a decade ago.

Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.

The Louvre’s password was once ‘Louvre’

One of the most significant flaws in the Louvre’s cybersecurity was lazy password use. “Louvre” appeared to be the password to access the museum’s video surveillance. One computer login password was “Thales,” the name of the software developer, which we’re guessing was visible on the login screen.

A representative for the Louvre didn’t immediately respond to a request for comment. 

While Libération’s investigation indicated that many of the same problems remain, we don’t know which issues the Louvre staff corrected in the decade since the audit. Perhaps the Louvre’s current password is L0uvr31500$$ now or something even tougher to guess. M0n@ L1$@, maybe?

Now is an excellent time to update your own passwords

If the Louvre report wasn’t enough incentive, it’s essential to give your own passwords a check ahead of the holidays, when many people increase their online shopping time. 

CNET’s latest survey shows that nearly half of Americans engage in risky password habits. US adults don’t shy away from using personal information as a part of their passwords. Fifteen percent include birthdays or anniversaries, 14% include a pet’s name and 11% use part of the user’s own name or a family member’s name. 

You can improve passwords with a few simple steps, or use a password manager that can generate strong passwords and keep them organized. When creating passwords, keep a few essential points in mind.

• Don’t use your name or any identifying information as part of your password.
• Use passwords that include upper and lowercase letters, numbers and symbols. 
• Update your passwords if you become aware of a data breach affecting services you use. 
• Don’t leave any unencrypted notes revealing your password lying around.

Remember, today’s passwords aren’t just on your phone and computer, but also on potentially vulnerable devices like Wi-Fi routers, security systems and more.