You've got to stop using your favorite superhero as a password - here's why
Ironman is a strong comic book character, but a terrible password
Batman may have top-notch security in his Batcave, but that doesn’t mean you should look to him for password inspiration.
As a matter of fact, using superhero names as passwords is a common occurrence, making for low-hanging fruit for criminals looking to brute-force their way into online accounts and business networks.
Cybersecurity firm Specops Software recently analyzed more than 800 million breached passwords, looking for those that include the names of Marvel or DC superheroes.
The company found that Loki was the most popular choice, appearing more than 151,000 times, while his brother Thor was used almost 148,000 times. DC characters are also well-represented, with Batman's sidekick Robin featuring in 127,000 breached passwords.
In total, more than 1.1 million breached passwords included mentions of popular Marvel and DC characters.
Weak passwords
Although no one wants their personal accounts compromised by cybercriminals, businesses have even more to lose as a result of this worrying trend.
For small and medium-sized businesses, poor password hygiene is one of the weakest links in the cybersecurity chain, the report adds. Many high-profile attacks, including the recent Colonial Pipeline incident, start with compromised credentials.
In order to stay safe, SMBs should focus on robust password policies. There are many measures organizations can take, such as requiring employees to create complex passwords or preventing them from using names of partners, important dates, home addresses and other easily obtainable data.
Businesses should also require employees to create a new password every few months, and make sure they don’t just change the last character when they do. And finally, two-factor authentication should always be enabled where possible, providing an additional layer of protection.
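As an added illustration (not code from the article or from Specops), here is one way a password-change form could enforce two of the measures above: rejecting passwords built on the character names mentioned in this article, and rejecting a new password that barely differs from the old one. The deny list, the substitution table and the `min_length` and `min_changes` thresholds are assumptions chosen for the example.

```python
import re

# Character names taken from this article; a production deny list is far larger.
DENYLIST = ("loki", "thor", "robin", "batman", "ironman")

# Assumed table of common character substitutions, undone before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(password):
    """Lowercase, undo substitutions, then drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))

def denied_names(password):
    """Return the deny-listed names found anywhere in the normalized password."""
    norm = normalize(password)
    return [name for name in DENYLIST if name in norm]

def edit_distance(a, b):
    """Levenshtein distance: the number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_new_password(new, old=None, min_length=12, min_changes=4):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(new) < min_length:
        problems.append("too short")
    hits = denied_names(new)
    if hits:
        problems.append("contains denied name: " + ", ".join(hits))
    # 'old' is the current password the user typed on the change form.
    if old is not None and edit_distance(new, old) < min_changes:
        problems.append("too similar to previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs: (new password, previous password or None).
    samples = [("B@tm4n2021", None), ("L0k1_is_my_hero!", None),
               ("plum-Cargo-violin-89", "plum-Cargo-violin-88"),
               ("plum-Cargo-violin-88", None)]
    for new, old in samples:
        print(repr(new), "->", check_new_password(new, old) or "ok")
```

Plain substring matching also flags ordinary words that happen to contain a name, such as "author" for Thor, so a real policy would tune the list or the matching. The similarity check needs the old password in clear text, which is only available at the moment the user enters it to authorize the change.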
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.