
Specops Software Reveals the Most Commonly Leaked Christmas Related Passwords

Specops Software has analysed over 800 million passwords in its Breached Password Database and has revealed the most leaked Christmas related passwords that are currently being unsafely used by millions of people.

The most commonly leaked Christmas passwords are:

  1. Star
  2. Angel
  3. God
  4. Elf
  5. Jesus
  6. Snow
  7. Carol
  8. Noel
  9. Santa
  10. Chocolate
  11. Gift
  12. Bells
  13. December
  14. Xmas
  15. Jolly

Darren James, Product Specialist with Specops Software, said: “With the winter holidays right around the corner, we asked our research team to dig into which holidays are most popular. We analysed over 800 million breached passwords to find out.

“The reason people choose holiday-related terms when creating their passwords is because they struggle to make a password that is both secure and memorable. This results in weak passwords that follow predictable patterns and are reused between different services. These passwords are easy to guess and commonly appear in lists of breached passwords.

“This data, while fun, will come as no surprise to the IT admins we talk to. They’re often aware that the passwords their employees are using are common or weak, but it can be hard to measure it. If you’re looking to quantify the weak or leaked password problem in your environment, I’d recommend running a scan with our free Password Auditor.”

The compromised password problem can be an expensive one. IBM recently reported the global average cost of a data breach in 2020 to be $3.86 million.

Here are some of Specops Software’s tips for creating a strong password:

  1. #thinkrandom

Three random words, also known as #thinkrandom, is an initiative from the NCSC to educate the general public on how to choose secure passwords that are still easy to remember. The initiative was introduced to undo years of security advice that told people to combine different character types when creating passwords. Research has since found that character complexity requirements failed to achieve what they set out to do – make passwords harder to crack.

  2. Don’t use easy to guess passwords

The three random words initiative is designed to address billions of weak passwords that are easy to guess. This means that even without sophisticated password cracking techniques, hackers can come up with likely passwords to try on different accounts, either in a credential stuffing attack or in a targeted attack against an individual. Easy-to-guess passwords with multiple character types include ‘Liverpool#1’, ‘Pa$$word7’, ‘Spring2020!’. Examples of three random words passwords provided by the NCSC include: ‘coffeetrainfish’ and ‘walltinshirt’.

  3. Make your password long enough

When it comes to making strong passwords, the single most important factor is the length of the password. As long as a password isn’t easily guessable by other means (e.g. use of common words, username, repeating characters) length is your best friend for mitigating brute force attacks.
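
The contrast drawn in the tips above, as an added example (not code from Specops Software or the NCSC): a character-class complexity rule accepts the article's easy-to-guess passwords, while a check that strips digit and symbol padding and undoes look-alike substitutions flags them. The substitution map, the 12-character minimum and the samples `S@nta2020` and `Chocolate2020!!` are assumptions made for this illustration.

```python
import re

# The 15 leaked Christmas terms listed in the article, plus the base words of
# its easy-to-guess examples ('Liverpool#1', 'Pa$$word7', 'Spring2020!').
COMMON_TERMS = {
    "star", "angel", "god", "elf", "jesus", "snow", "carol", "noel", "santa",
    "chocolate", "gift", "bells", "december", "xmas", "jolly",
    "liverpool", "password", "spring",
}
# Assumed look-alike substitutions; not a list taken from the article.
LOOKALIKES = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e", "5": "s"})
MIN_LENGTH = 12  # assumed minimum; the article gives no number


def meets_complexity_rule(pw):
    """Legacy rule: 8+ characters with upper, lower, digit and symbol."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def base_words(pw):
    """Candidate base words: drop the digit/symbol padding, then undo look-alikes."""
    # Strip first: translating first would turn a trailing '1' into a letter.
    tail = re.sub(r"[\W\d_]+$", "", pw)      # 'Spring2020!' -> 'Spring'
    both = re.sub(r"^[\W\d_]+", "", tail)    # also drop a leading prefix
    return {s.translate(LOOKALIKES).lower() for s in (tail, both)}


def audit(pw):
    """Return findings for one password; an empty list means neither check fired."""
    findings = []
    if base_words(pw) & COMMON_TERMS:
        findings.append("common-term")
    if len(pw) < MIN_LENGTH:
        findings.append("too-short")
    return findings


if __name__ == "__main__":
    # First five are the article's examples; the last two are constructed.
    for pw in ["Liverpool#1", "Pa$$word7", "Spring2020!", "coffeetrainfish",
               "walltinshirt", "S@nta2020", "Chocolate2020!!"]:
        print(f"{pw:16} complexity={meets_complexity_rule(pw)!s:5} audit={audit(pw)}")
```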


  • Polly is a journalist, content creator and general opinion holder from North Wales. She has written for a number of publications, usually hovering around the topics of fintech, tech, lifestyle and body positivity.
