Yankees fans are the worst at passwords

OK, so maybe that’s a bit of an over-simplification. But in honor of March Madness, let’s look at how sports fans rank in another competitive field: security. 

According to SplashData, the Top 25 most common (and therefore, worst) sports-related passwords are:

  1. baseball
  2. football
  3. hockey
  4. jordan
  5. soccer
  6. yankees
  7. jordan23
  8. eagles
  9. golfer
  10. steelers
  11. rangers
  12. lakers
  13. arsenal
  14. cowboys
  15. tigers
  16. tennis
  17. nascar
  18. raiders
  19. angel
  20. redsox
  21. packers
  22. giants
  23. redskins
  24. gators
  25. dolphins

Obviously, these passwords all meet the “easy-to-remember” criterion, but they might fall pretty short on “hard to guess” and “unique.”

But, hey, at least give “jordan23” credit for having a number in it.

Weakest of the weak

These passwords would be 14th seeds, at best. They might get by one round, but there’s no way they’d get far before someone eliminates them.

(OK, end of the awful sports analogies. I promise.)

There are a few reasons these passwords are especially awful, though: Not only are they common words that a dictionary attack, which works through a list of common passwords, would try, they’re also easy to guess without any tooling, just from what’s publicly known about the user.

If your Facebook profile picture is a Cowboys helmet and you go to all the home games, a reasonably savvy attacker could guess your password is some variation of “cowboys,” “gocowboys” or “cowboysfan.”

Remind users that a password based on who they are, where they went to school or what they enjoy is easy enough to figure out. It’s the same as the security question problem: a mother’s maiden name or significant other is so easy to find online that the question is less secure than ever before.

Ultimately, though, notice that these passwords have one thing in common: While they’re incredibly weak, all were strong enough to be accepted.

Make sure your systems don’t accept passwords that are only letters, with no digits, no special characters and no mix of upper- and lower-case.
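
The acceptance check described above, as an added example in Python (not code from the original article): it applies the composition rules, a common-password blocklist and a check for words tied to the user. The function names, the reason codes and the short blocklist (a constructed sample taken from the list above) are assumptions.

```python
import re

# Constructed sample: a few entries from the list above.
# A real deployment would load a full common-password blocklist.
COMMON = {"baseball", "football", "hockey", "jordan", "soccer",
          "yankees", "eagles", "cowboys", "redsox"}


def core_word(password):
    """Lower-case and strip leading/trailing non-letters: 'Jordan23!' -> 'jordan'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def check_password(password, user_context=()):
    """Return a list of rejection reasons; an empty list means accepted.

    user_context holds words tied to the user (favourite team, school,
    username). How that list is gathered is up to the deployment.
    """
    reasons = []
    # Composition rules from the paragraph above.
    if not any(c.isdigit() for c in password):
        reasons.append("no_digit")
    if not any(not c.isalnum() for c in password):
        reasons.append("no_special")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        reasons.append("no_mixed_case")
    # Blocklist: padding a common word with digits or symbols does not help.
    if core_word(password) in COMMON:
        reasons.append("common")
    # Personal context: "gocowboys", "cowboysfan" and similar variations.
    lowered = password.lower()
    if any(len(w) >= 4 and w.lower() in lowered for w in user_context):
        reasons.append("personal")
    return reasons


if __name__ == "__main__":
    for pw in ("cowboys", "jordan23", "Cowboys1!", "GoCowboys#1"):
        print(pw, check_password(pw, user_context=["Cowboys"]))
```

Note that “Cowboys1!” satisfies every composition rule and is still rejected by the blocklist, which is why the two checks belong together.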
