Cincinnati Reds fans: It’s especially time for you to rethink your team as a common part of your credentials.
The start of Major League Baseball season is upon us, and password security firm Specops software is using the yearly milestone to remind people that easily guessed passwords like those containing MLB team or mascot names are a sure-fire way to strike out on keeping your account safe.
“Hackers are known to be opportunistic,” said Specops’ Darren Siegel, adding that current events like the start of baseball season or film and music awards seasons give attackers a reason to use related keywords and phrases when trying to breach accounts.
Specops combed its database of breached passwords, analyzing more than 800 million records to arrive at this list of the baseball team names most commonly used in stolen passwords:
Los Angeles Angels
Tampa Bay Rays
New York Mets
New York Yankees
Boston Red Sox
San Francisco Giants
Los Angeles Dodgers
Kansas City Royals
St. Louis Cardinals
San Diego Padres
Chicago White Sox
Toronto Blue Jays
The Cincinnati Reds, which ranked first, was found nearly 150,000 times. Specops also looked at MLB team mascots and was surprised to find which were the most commonly occurring. “While we thought we might find an abundance of Phillie Phanatic, Billy the Marlin, Wally the Green Monster and Mr. and Mrs. Met, each of those famous mascots appeared less than 500 times,” Siegel said.
In reality, the most commonly found team mascots in compromised passwords were Houston’s Orbit, Cincinnati’s Gapper, Detroit’s Paws, Toronto’s Ace, Colorado’s Dinger, Atlanta’s Blooper, and Arizona’s Baxter, each of which appeared several thousand times.
What this list teaches us is that the need for strong passwords and better password management continues to be an urgent one.
“Social engineering and AI-driven ‘spray and pray’ attacks are escalating the frequency and sophistication of attempted credential theft, meaning it’s easier than ever for an attacker to obtain passwords for nefarious reasons,” Siegel said.
Individuals wondering how to create better passwords should follow these five tips:
Use at least 10 characters; the longer the password, the stronger it is.
If you’re going to use common words, insert a random character somewhere in the middle, like “Tige-rs” if you’re a Detroit baseball fan.
Use numbers and special characters, but avoid 1 and !, both of which are incredibly common.
Capitalize at random, not just at the beginning of a word.
Use a password manager so you can create random, super-complex passwords and never have to remember them.