Olympic-themed passwords put people at risk

Beyond using "tokyo" and "olympics" as their passwords, people have been turning to names of athletes, such as "kenny," "williams," and "asher," says NordPass.

20210713-olympics-karen.jpg

Image: Mackenzie Burke

Devising passwords for your website accounts is always a challenge. That's why many people look to current events for inspiration. But that strategy is a recipe for trouble as it often leads to simple and weak passwords, making you easy prey for cybercriminals. A report released Tuesday by password manager NordPass looks at the most popular and weak Olympic-themed passwords floating in cyberspace.

SEE: Password Management Policy (TechRepublic)

With the Tokyo 2020 Olympics finally being held in 2021 due to the pandemic, people have been cheering on their favorite sports and rooting for their favorite athletes. As the games have created a lot of buzz and excitement, people naturally draw inspiration from them. And apparently that factor carries over into cybersecurity.

The latest research from NordPass shows that people are creating passwords based on Olympic events and athletes despite warnings from cybersecurity experts not to use simple or weak passwords. Among the sporting events themselves, "football" scores the top goal by being used as a password more than 5.8 million times, according to NordPass' analysis.

"Baseball" hits a run as a password in use more than 4.1 million times. "Golf" putts as a password more than 3.2 million times, followed by "hockey" at 2.6 million times, "tennis" at 1.5 million times and "basketball" at 1.4 million times.

The names of athletes competing in the Olympics also popped up as popular passwords in NordPass' analysis. Among them, "kenny" appeared 1.3 million times, "williams" more than 1 million times, "asher" 1 million times and "riner" 265,971 times. Other go-to athlete-inspired passwords include "masse" at 261,997 times, "curry" at 196,0165 times, "gonzales" at 194,129 times, "osaka" at 87,725 times, "sindhu" at 84,261 times, "federer" at 82,897 times and "biles" at 57,331 times.

The word "tokyo" was used as a password 231,818 times and "olympics" was used 27,881 times.

Though Olympic fever is all well and good, a line should be drawn in the sand when it comes to celebrating the games through your own cybersecurity.

"These passwords can be cracked almost instantly—that's the main issue," said NordPass security experts Chad Hammond. "While it's amazing to support your favorite sport or athlete, it's not advisable to take that support to your passwords as it really compromises your security. In fact, even if you don't support, let's say, Kylie Masse, but have the same last name as her, don't use that as your password, as 261,997 people already have."

Relying on current events to devise your passwords is nothing new.

"Earlier this year, NordPass reported that such passwords as "corona," "lockdown," and other words or phrases that have defined our lives in the past year are also used as passwords quite often," Hammond added. "We've also noticed that people often simply use their names, favorite sports teams, or the name of the service they're registering for."

To better protect your website accounts with strong passwords and security, Hammond offers the following advice:

  1. Update all your passwords and use unique and complex ones to secure your accounts. Try using a password generator to create passwords that are difficult or impossible to guess.
  2. Use a password manager. Such tools can generate and store passwords. More advanced password managers include data breach scanners that can tell you if any of your accounts may have been compromised.
  3. Use two-factor authentication (2FA) where possible. Whether you rely on 2FA through an app, biometric data, or a physical security key, your accounts will be safer with that extra layer of security.

Also see