Not Even Superheroes Have the Power to Stay Off Breached Password Lists
June 2021 by Specops Software researchers
Batman or Spiderman? Superman or Thor? Flash or Falcon? The infatuation with and intense debate over Marvel and DC superhero and villain supremacy among comic book aficionados is a year-round musing, but always intensifies during the summer months when the latest flick hits the Big Screen.
In conjunction with the new Loki (Marvel) series now streaming on Disney Plus, and with the forthcoming premieres of Black Widow (Marvel) and The Suicide Squad (DC), we analyzed the top Marvel and DC comic book characters to appear on breached password lists. This research comes just a few weeks after we revealed the top Star Wars-themed breached passwords on May the 4th.
According to our new research, which analyzed more than 800 million breached passwords, a subset of the more than two billion breached passwords in Specops Breached Password Protection, ‘Loki’ (Marvel) took the top spot, appearing on breached password lists more than 151,000 times. ‘Thor’ (Marvel), which appears almost 148,000 times, and ‘Robin’, which shows up over 127,000 times, round out the top three.
The top 40 Marvel and DC characters found within breached password lists include:
Password        Category
Loki            Marvel
Thor            Marvel
Robin           DC
Joker           DC
Flash           DC
Batman          DC
Superman        DC
Vision          Marvel
Falcon          Marvel
Penguin         DC
Hulk            Marvel
Wanda           Marvel
Venom           Marvel
Spiderman       Marvel
Ironman         Marvel
Katana          DC
Hydra           Marvel
Wolverine       Marvel
Gambit          Marvel
Punisher        Marvel
Hawkeye         Marvel
Groot           Marvel
AntMan          Marvel
Deadpool        Marvel
Thanos          Marvel
Catwoman        DC
Magneto         Marvel
Riddler         DC
Cyclops         Marvel
Avengers        Marvel
Mystique        Marvel
WonderWoman     DC
Aquaman         DC
BlackWidow      Marvel
Gamora          Marvel
TwoFace         DC
Nightcrawler    Marvel
BlackPanther    Marvel
GreenLantern    DC
In total, the top 80 Marvel and DC characters appear on breached password lists more than 1.1 million times.
Improving password hygiene must be a top enterprise priority
Poor password hygiene continues to be one of the primary root causes of cyberattacks. Recently, it was revealed that hackers used a breached password to orchestrate the Colonial Pipeline ransomware attack, which disrupted the oil supply on the East Coast for nearly a week. In fact, passwords that show up on breached password lists leave enterprise email, apps, servers, and devices vulnerable to the unauthorized access needed to initiate a cyberattack.
To remain secure, companies must implement robust password policies that address weak and compromised passwords, like those that are known to be breached. Specops Password Policy integrates password best practices and guidelines from NIST or CMMC and makes it easier for IT admins to enforce stronger passwords and block weak passwords that appear on breached password lists.
Fan appreciation of both Marvel and DC characters, and the debate over which universe is the superior comic book world, will live on for a long time to come. But no matter how big of a fan you are, now is the time to update your password should you be using any of the characters found within breached password lists.