What can breached passwords tell us? With the Euros underway, they can tell us to stop and think

Here at Authlogics, we’re extremely privileged to have access to a cache of password-related data. The Password Breach Database is a treasure trove for security analysis: its 1 billion unique cleartext passwords let us identify trends and patterns in data breaches that have exposed passwords, and make inferences and judgments about the state of password security based on the associated data.

Unless you’ve been living off the grid for the past few months, you’ll be aware that the UEFA European Football Championship (or just the Euros) is taking place across Europe. This event, rescheduled from last summer as we (hopefully) gain more of a handle on the pandemic, is a chance for football fans from across the continent to cheer on their teams after a year of uncertainty and anxiety.

So, what does this have to do with passwords, you might ask? Well, our extensive database of breached passwords shows that when people are coming up with their passwords, football is often top of mind. Our Password Breach Database shows that of the 1 billion breached passwords, there are well over 1 million associated with football. The most common terms are shown below:

Top 5 football terms    Number of occurrences
Football                353,993
Liverpool               215,842
Chelsea                 172,727
Arsenal                 151,936
Barcelona               131,090
Total                   1,136,155

This mind-boggling number of passwords associated with football poses an obvious problem. These breached passwords are insecure because of the breach itself, but they also point to serious problems for other accounts owned by the compromised individuals. Google research tells us that 52% of people reuse the same password for multiple (but not all) accounts, just 33% use a different password for all accounts, and 13% reuse the same password for all their accounts.

Therefore, if your password has been breached on one account, and you are one of the 52% of people who reuse their passwords regularly, you might find that other accounts which were not breached are also compromised. The amount of public information which we willingly share on the Internet is a further issue when it comes to password security. If someone is aware of the number of passwords that are associated with football, and is able to use social engineering tactics to discover which team an individual supports, they can make a good, educated guess as to that individual's password for not just one, but multiple accounts.
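One way a service could act on these findings is to screen new passwords against a deny-list when they are set. The sketch below is an added example, not Authlogics code: it uses only the five terms from the table, and the look-alike substitution map and the sample passwords are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The five terms from the table above; a production deny-list would be far larger.
DENY_TERMS = ("football", "liverpool", "chelsea", "arsenal", "barcelona")

# Assumption: a small, illustrative map of common look-alike substitutions.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s", "!": "i"}
)


def normalise(password: str) -> str:
    """Lower-case, undo look-alike substitutions, then keep letters only."""
    folded = password.lower().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", folded)


def matched_term(password: str):
    """Return the deny-listed term contained in the password, or None."""
    candidate = normalise(password)
    for term in DENY_TERMS:
        if term in candidate:
            return term
    return None


def count_terms(passwords):
    """Tally how many passwords contain each deny-listed term."""
    return Counter(t for t in map(matched_term, passwords) if t)


# Constructed sample input, not taken from any breach data.
SAMPLE = [
    "Liverpool1",
    "ch3lsea2021",
    "Ars3nal!",
    "F00tball#9",
    "xK9$vQ2m!rT7",
    "correct-horse-battery",
]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:26} -> {matched_term(pw) or 'ok'}")
    print(dict(count_terms(SAMPLE)))
```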

If the Euros have meant that Harry Kane and Mason Mount are top of mind as an England fan, consider some of the below before you decide on your latest password: 

  • Replace the password with a pattern (such as our PINgrid product): As opposed to using a word, which is easily recognisable and easily stolen, use a code or pattern formed out of letters or numbers which is unique to you.
  • Use a variety of different symbols: Combine letters (some upper case and some lower), numbers, and symbols. This is particularly important if you are insistent on having your favourite football team in your password!
  • Try your absolute best to not reuse passwords. While this might mean you need to remember more passwords (or use a password manager) it goes a long way to limiting the damage should one of your accounts become breached.

Ultimately, we’d like to see a world without passwords. But until that day comes, following best practices when developing your passwords is half the battle! 

For more information about how we can help to keep your online accounts safe, visit www.intercede.com 
