Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Not Even Superheroes Have the Power to Stay Off Breached Password Lists

June 2021 by Specops Software researchers

Batman or Spiderman? Superman or Thor? Flash or Falcon? The infatuation with and intense debate over Marvel and DC superhero and villain supremacy among comic book aficionados is a year-round musing, but always intensifies during the summer months when the latest flick hits the Big Screen.

In conjunction with the new Loki (Marvel) series now streaming on Disney Plus, and with the forthcoming premiers of Black Widow (Marvel) and The Suicide Squad (DC), we analyzed the top Marvel and DC comic book characters to appear on breached password lists. This research comes just a few weeks after we revealed the top Star Wars themed breached passwords on May the 4th.

According to our new research, which analyzed more than 800 million breached passwords, a subset of the more than two billion breached passwords in Specops Breached Password Protection, ‘Loki’ (Marvel) took the top spot, appearing on breached password lists more than 151,000 times. ‘Thor’(Marvel), which appears almost 148,000 times and ‘Robin’, which shows up over 127,000 times round out the top three.

The top 40 Marvel and DC characters found within breached password lists include:

Password Category

Loki Marvel

Thor Marvel

Robin DC

Joker DC

Flash DC

Batman DC

Superman DC

Vision Marvel

Falcon Marvel

Penguin DC

Hulk Marvel

Wanda Marvel

Venom Marvel

Spiderman Marvel

Ironman Marvel

Katana DC

Hydra Marvel

Wolverine Marvel

Gambit Marvel

Punisher Marvel

Hawkeye Marvel

Groot Marvel

AntMan Marvel

Deadpool Marvel

Thanos Marvel

Catwoman DC

Magneto Marvel

Riddler DC

Cyclops Marvel

Avengers Marvel

Mystique Marvel

WonderWoman DC

Aquaman DC

BlackWidow Marvel

Gamora Marvel

TwoFace DC

Nightcrawler Marvel

BlackPanther Marvel

GreenLantern DC

In total, the top 80 Marvel and DC characters appear on breached password lists more than 1.1 million times.

Improving password hygiene must be a top enterprise priority

Poor password hygiene continues to be one of the primary root causes of cyberattacks. Recently, it was revealed that hackers used a breached password to orchestrate the Colonial Pipeline ransomware attack, which disrupted the oil supply on the East Coast for nearly a week. In fact, passwords that show up on breached password lists leave enterprise email, apps, servers, and devices vulnerable to the unauthorized access needed to initiate a cyberattack.

To remain secure, companies must implement robust password policies that address weak and compromised passwords, like those that are known to be breached. Specops Password Policy integrates password best practices and guidelines from NIST or CMMC and makes it easier for IT admins to enforce stronger passwords and block weak passwords that appear on breached password lists.

Fan appreciation of both Marvel and DC characters, and the debate over which universe is the superior comic book world, will live on for a long time to come. But no matter how big of a fan you are, now is the time to update your password should you be using any of the characters found within breached password lists.

See previous articles


See next articles