You’ve got to stop using your favorite superhero as a password - here’s why
Ironman is a strong comic book character, but a terrible password
Batman may have top-notch security in his Batcave, but that doesn’t mean you should take inspiration for your passwords.
As a matter of fact, using superhero names as passwords is a common occurrence, making for low-hanging fruit for criminals looking to brute-force their way into online accounts and business networks.
Cybersecurity firm Specops Software recently analyzed more than 800 million breached passwords, looking for those that include the names of Marvel or DC superheroes.
The company found that Loki was the most popular choice, appearing more than 151,000 times, while his brother Thor was used almost 148,000 times. DC characters are also well-represented, with Batman’s sidekick Robin featuring in 127,000 breached passwords.
In total, more than 1.1 million breached passwords included mentions of popular Marvel and DC characters.
Weak passwords
Although no one wants their personal accounts compromised by cybercriminals, businesses have even more to lose as a result of this worrying trend.
For small and medium-sized businesses, poor password hygiene is one of the weakest links in the cybersecurity chain, the report adds. Many high-profile attacks, including the recent Colonial Pipeline incident, start with compromised credentials.
In order to stay safe, SMBs should focus on robust password policies. There are many measures organizations can take, such as requiring employees to create complex passwords or preventing them from using names of partners, important dates, home addresses and other easily obtainable data.
Businesses should also require employees to create a new password every few months, and make sure they don’t just change the last character when they do. And finally, two-factor authentication should always be enabled where possible, providing an additional layer of protection.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.