Cincinnati Reds fans: It's especially time for you to rethink your team as a common part of your credentials.
The start of Major League Baseball season is upon us, and password security firm Specops Software is using the yearly milestone to remind people that easily guessed passwords, like those containing MLB team or mascot names, are a sure-fire way to strike out on keeping your account safe.
"Hackers are known to be opportunistic," said Specops' Darren Siegel, adding that current events like the start of baseball season or film and music awards seasons give attackers a reason to use related keywords and phrases when trying to breach accounts.
Specops combed its database of breached passwords, analyzing more than 800 million records to arrive at this list of the baseball team names most commonly used in stolen passwords:
- Cincinnati Reds
- Los Angeles Angels
- Tampa Bay Rays
- New York Mets
- Minnesota Twins
- Detroit Tigers
- Texas Rangers
- Chicago Cubs
- New York Yankees
- Boston Red Sox
- San Francisco Giants
- Pittsburgh Pirates
- Atlanta Braves
- Houston Astros
- Los Angeles Dodgers
- Kansas City Royals
- Cleveland Indians
- St. Louis Cardinals
- San Diego Padres
- Philadelphia Phillies
- Chicago White Sox
- Colorado Rockies
- Baltimore Orioles
- Miami Marlins
- Seattle Mariners
- Milwaukee Brewers
- Washington Nationals
- Oakland Athletics
- Toronto Blue Jays
- Arizona Diamondbacks
The Cincinnati Reds, which ranked first, was found nearly 150,000 times. Specops also looked at MLB team mascots and was surprised to find which were the most commonly occurring. "While we thought we might find an abundance of Phillie Phanatic, Billy the Marlin, Wally the Green Monster and Mr. and Mrs. Met, each of those famous mascots appeared less than 500 times," Siegel said.
In reality, the most commonly found team mascots in compromised passwords were Houston's Orbit, Cincinnati's Gapper, Detroit's Paws, Toronto's Ace, Colorado's Dinger, Atlanta's Blooper, and Arizona's Baxter, each of which appeared several thousand times.
What this list teaches us is that the need for strong passwords and better password management continues to be an urgent one.
"Social engineering and AI-driven 'spray and pray' attacks are escalating the frequency and sophistication of attempted credential theft, meaning it's easier than ever for an attacker to obtain passwords for nefarious reasons," Siegel said.
Individuals wondering how to create better passwords should follow these five tips:
- Use at least 10 characters; the longer the password, the stronger it is.
- If you're going to use common words, insert a random character somewhere in the middle, like "Tige-rs" if you're a Detroit baseball fan.
- Use numbers and special characters, but avoid 1 and !, both of which are incredibly common.
- Capitalize at random, not just at the beginning of a word.
- Use a password manager so you can create random, super-complex passwords and never have to remember them.
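The tips above can be turned into an automated check. The following is an added example, not code from Specops or the original article: the word list is a small sample of the team and mascot names mentioned here, and the finding labels and function names are hypothetical.

```python
import secrets
import string

# Sample of team nicknames and mascots named in the article (lowercase).
# Assumption: a real deployment would load a far larger custom dictionary.
BASEBALL_WORDS = (
    "reds", "angels", "rays", "mets", "twins", "tigers", "rangers", "cubs",
    "yankees", "redsox", "orbit", "gapper", "paws", "dinger", "blooper", "baxter",
)

def check_password(pw):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(pw) < 10:                                  # tip 1: at least 10 characters
        findings.append("too_short")
    lowered = pw.lower()
    hits = sorted(w for w in BASEBALL_WORDS if w in lowered)
    if hits:                                          # tip 2: unbroken common word
        findings.append("baseball_word:" + ",".join(hits))
    if all(c.isalpha() for c in pw):                  # tip 3: numbers and specials
        findings.append("no_number_or_symbol")
    if "1" in pw or "!" in pw:                        # tip 3: avoid 1 and !
        findings.append("uses_1_or_!")
    # tip 4: want at least one capital that directly follows another letter
    if not any(c.isupper() and pw[i - 1].isalpha()
               for i, c in enumerate(pw) if i > 0):
        findings.append("no_mid_word_capital")
    return findings

# Alphabet for generated passwords, leaving out "1" and "!" as tip 3 suggests.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + "#$%&*+-=?@^_"
    if c not in "1!"
)

def generate_password(length=20):
    """Tip 5: what a password manager does, retrying until all checks pass."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw

if __name__ == "__main__":
    for candidate in ("Tigers1!", "Cincinnati Reds", generate_password()):
        print(repr(candidate), check_password(candidate))
```

Plain substring matching will also flag unrelated words that happen to contain a short team name, so the word list needs tuning before it is used to reject passwords outright.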
Businesses shouldn't put the onus solely on individuals, and should also do their part to enhance company password hygiene with these tips:
- Use automated password management tools that generate long, complex passwords and store them behind something more easily remembered.
- Force password changes regularly, but not as often as you think: Once a year will do it unless an account has been compromised, at which point the password should be changed immediately.
- Use multifactor authentication or single sign-on products and require users to use them.
- Balance user needs with security needs: If password rules are cumbersome, people will find a convenient workaround that can compromise organizational security.
- Train users on what makes a good password, how to safely store them and other password safety policies and best practices.