Specops Software has analysed over 800 million passwords in its Breached Password Database and has revealed the most leaked Christmas related passwords that are currently being unsafely used by millions of people.
The most commonly leaked Christmas passwords are:
Darren James, Product Specialist with Specops Software, said: “With the winter holidays right around the corner, we asked our research team to dig into which holidays are most popular, we analysed over 800 million breached passwords to find out.
“The reason people choose holiday-related terms when creating their passwords is because they struggle to make a password that is both secure and memorable. This results in weak passwords that follow predictable patterns and are reused between different services. These passwords are easy to guess and commonly appear in lists of breached passwords.
“This data, while fun, will come as no surprise to the IT admins we talk to. They’re often aware that the passwords their employees are using are common or weak, but it can be hard to measure it. If you’re looking to quantify the weak or leaked password problem in your environment, I’d recommend running a scan with our free Password Auditor.”
The compromised password problem can be an expensive one. IBM recently reported the global average cost of a data breach in 2020 to be $3.86 million.
Here are some of Specops Software’s tips for creating a strong password:
Three random words, also known as #thinkrandom, is an initiative from the NCSC to educate the general public on how to choose secure passwords that are still easy to remember. The initiative was introduced to undo years of security advice that told people to combine different character types when creating passwords. Research has since found that character complexity requirements failed to achieve what it set out to do – make passwords harder to crack.
- Don’t use easy to guess passwords
The three random words initiative is designed to address billions of weak passwords that are easy to guess. This means that even without sophisticated password cracking techniques, hackers can come up with likely passwords to try on different accounts, either in a credential stuffing attack or in a targeted attack against an individual. Easy-to-guess passwords with multiple character types include ‘Liverpool#1’, ‘Pa$$word7’, ‘Spring2020!’. Examples of three random words passwords provided by the NCSC include: ‘coffeetrainfish’ and ‘walltinshirt’.
- Make your password long enough
When it comes to making strong passwords, the single most important factor is the length of the password. As long as a password isn’t easily guessable by other means (e.g. use of common words, username, repeating characters) length is your best friend for mitigating brute force attacks.