Christmas Passwords

Intercede Reveals the Top Ten Breached Christmas – Related Passwords

Owner of the World’s Largest Password Breach Database Gives

Tips to Avoid Festive Theft and Fraud  

LEICESTER, UK, ** DECEMBER 2024, Intercede, the global leader in managing digital identities and custodian of the world’s largest repository of breached passwords, today revealed the top ten most compromised Christmas-related passwords.

Online shoppers are advised to be cautious when creating new accounts and changing their passwords during the festive season.  The warning comes as Intercede’s Password Breach Database surpasses 11 billion worldwide records, that is more than one breached credential for every person on Earth.

The Top Ten Most Breached Accounts with Christmas-related passwords:

  1. snowball
  2. christmas
  3. snowman
  4. snowflake
  5. snowball1
  6. christmas1
  7. snowman1
  8. Christmas
  9. Snowball
  10. Santa

Other seasonal passwords that rank highly in the database include: candycane, santaclaus, gingerbread, xmas, merrychristmas, mistletoe, presents and nativity.

Acting CTO at Intercede, James Westgate, states: “This time of year many people are creating new accounts and changing passwords as they shop online, often using the same memorable festive word to make life easier during what can be a stressful time. By choosing these types of passwords it can make all a cybercriminal’s Christmases come at once and ruin yours.”

However, the password problem is not restricted to Christmas. In just two years, the number of breached records held within Intercede’s Password Breach Database (the largest of its type in the world) has doubled. In September 2024, the National Institute of Standards and Technology (NIST), an organisation based in the U.S. that sets the gold standard for password best practice around the world, updated its guidelines, recommending passwords should be a minimum of 15 characters and as many as 64 characters.

Westgate adds: “The length of passwords has changed very little in the past 10 years, remaining at around eight characters. As our top ten highlights, people will often choose convenience over complexity. By taking simple steps such as having a different password for each account, making them longer, avoiding obvious words and not sharing them with others, you will have the best chance of protecting not only yourself but the businesses you buy from. This can be made simpler by taking advantage of strong password recommendations within browsers and using one of the many password managers available”

About Intercede

Intercede is a cybersecurity software company specialising in digital identities and strong authentication, its innovative solutions enable organisations to protect themselves against the number one cause of data breach: compromised user credentials.

The Intercede suite of products allows customers to choose the level of security that best fits their needs, from Secure Registration and ID Verification to Password Security Management, One-Time Passwords, FIDO and PKI. Uniquely, Intercede provides the entire set of authentication options from Passwords to PKI, supporting customers on their journey to passwordless and stronger authentication environments. In addition to developing and supporting Intercede software, the Group also manages the world’s largest password breach database.

For over 20 years, global customers in government, aerospace and defence, financial services, healthcare, telecommunications, cloud services and information technology have trusted Intercede solutions and expertise in protecting their mission critical data and systems at the highest level of assurance https://www.intercede.com/

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.