Password Manager Developer Admits Using 'password123' for Own Account Since 2019

The lead developer of VaultGuard, a password management application used by 2.3 million people to securely store their credentials, has admitted to using the password 'password123' as the master key to his own VaultGuard account since the application's launch in 2019. The admission came during a routine third-party security audit when penetration tester Akira Hashimoto cracked the developer's master password in 0.003 seconds using a dictionary attack that, in Hashimoto's words, 'didn't even need to get creative.' 'I tried the top ten most common passwords. His was number three,' said Hashimoto. 'The software he built generates 256-bit cryptographically random passwords with configurable entropy pools. He chose password123. I sat in the conference room for about four minutes just processing that.' The developer, Marcus Plaintext, has maintained that the password was 'temporary' and that he 'always meant to change it.' When asked why he had not changed it in six years, he cited 'a combination of inertia, the fact that it was easy to remember, and what I now recognize is a deeply ironic failure to practice what I preach.' Plaintext's VaultGuard account contained 847 unique, cryptographically strong passwords for various services, each generated by VaultGuard's own algorithm -- all protected by a master password that a determined child could guess. 'It's like a locksmith leaving his front door open,' said cybersecurity researcher Dr. Nadia Entropy. 'Actually, it's worse. It's like a locksmith building the world's most sophisticated lock, installing it on 2.3 million doors, and then propping his own door open with a brick labeled BRICK.' VaultGuard's board has issued a statement assuring users that the developer's password hygiene does not affect the security of the application itself, which 'employs industry-standard AES-256 encryption and has never been breached.' The statement adds that Plaintext has changed his master password to something 'significantly more robust.' When asked to confirm, Plaintext said his new password was 'very strong' but declined to share it, adding, somewhat defensively, 'I'm not making that mistake twice.' Hashimoto has offered to verify. Plaintext has declined.