In May, Specops Software, a password management and authentication company, released a roundup of “Star Wars”-themed breached passwords for the sci-fi holiday May 4, also known as Star Wars Day. On Monday, the company brought the DC and Marvel universes into the fold and released a roundup of commonly used superhero names found on compromised password lists.
Turns out, superhero characters used as passwords still could use a healthy dose of special characters and numbers.
“Fan appreciation of both Marvel and DC characters, and the debate over which universe is the superior comic book world, will live on for a long time to come. But no matter how big of a fan you are, now is the time to update your password should you be using any of the characters found within breached password lists,” said a portion of the Specops blog post.
To determine the list, the company said it assessed more than 800 million breached passwords from a subset of more than 2 billion breached passwords in Specops Breached Password Protection. Having appeared on lists of breached passwords more than 151,000 times, Marvel’s “Loki” ranked No. 1 in Specops’ findings. Runner-up “Thor” appeared on breached password lists nearly 148,000 times to edge out No. 3 “Robin.” In order, “Joker” and “Flash” round out the top five.
Interestingly, the top 10 includes six DC characters compared to Marvel’s four, with “Batman” (DC), “Superman” (DC), “Vision” (Marvel), “Falcon” (Marvel) and “Penguin” (DC) filling out the rest of the list. The findings add a cybersecurity angle to the classic debate about the two comic book universes.
“When it comes to Marvel vs DC, I don’t know if I can pick a side. But the good news is that when it comes to password security – the safe side is picking neither. Hackers love to craft attacks that make use of things us humans love – including our favorite comic book characters,” said Darren James, product specialist at Specops Software, via email.
Critical infrastructure cyberattacks
In recent months, there have been a number of high-profile cyberattacks on critical U.S. infrastructure, including those on a water treatment facility in Florida, the JBS Foods ransomware attack and the Colonial Pipeline incident. James discussed the importance of password security in light of recent cybercriminal activity.
“Now more than ever it’s important to take care of the weakest link in your network security – the password. We’ve seen attackers take advantage of insufficient password policies in damaging attacks like what happened in the Colonial Pipeline attack,” James said.
“A good start is to make sure that the passwords in use in your organization are not on a breached password list. Our latest research shows that more than 1.1 million comic fans around the world should be taking this action as soon as possible,” he continued.
Those so inclined can peruse the full list of superheroes found on breached password lists.