Don’t give hackers a home run by using these baseball team names in your passwords


Cincinnati Reds fans: It’s especially time for you to rethink your team as a common part of your credentials.

The start of Major League Baseball season is upon us, and password security firm Specops Software is using the yearly milestone to remind people that easily guessed passwords, like those containing MLB team or mascot names, are a sure-fire way to strike out on keeping your account safe.

“Hackers are known to be opportunistic,” said Specops’ Darren Siegel, adding that current events like the start of baseball season or film and music awards seasons give attackers a reason to use related keywords and phrases when trying to breach accounts.

Specops combed its database of breached passwords, analyzing more than 800 million records to arrive at this list of the baseball team names most commonly used in stolen passwords: 

  1. Cincinnati Reds
  2. Los Angeles Angels
  3. Tampa Bay Rays
  4. New York Mets
  5. Minnesota Twins
  6. Detroit Tigers
  7. Texas Rangers
  8. Chicago Cubs
  9. New York Yankees
  10. Boston Red Sox
  11. San Francisco Giants
  12. Pittsburgh Pirates
  13. Atlanta Braves
  14. Houston Astros
  15. Los Angeles Dodgers
  16. Kansas City Royals
  17. Cleveland Indians
  18. St. Louis Cardinals
  19. San Diego Padres
  20. Philadelphia Phillies
  21. Chicago White Sox
  22. Colorado Rockies
  23. Baltimore Orioles
  24. Miami Marlins
  25. Seattle Mariners
  26. Milwaukee Brewers
  27. Washington Nationals
  28. Oakland Athletics
  29. Toronto Blue Jays
  30. Arizona Diamondbacks

The Cincinnati Reds, which ranked first, was found nearly 150,000 times. Specops also looked at MLB team mascots and was surprised to find which were the most commonly occurring. “While we thought we might find an abundance of Phillie Phanatic, Billy the Marlin, Wally the Green Monster and Mr. and Mrs. Met, each of those famous mascots appeared less than 500 times,” Siegel said. 

In reality, the most commonly found team mascots in compromised passwords were Houston’s Orbit, Cincinnati’s Gapper, Detroit’s Paws, Toronto’s Ace, Colorado’s Dinger, Atlanta’s Blooper, and Arizona’s Baxter, each of which appeared several thousand times.

What this list teaches us is that the need for strong passwords and better password management continues to be an urgent one. 

“Social engineering and AI-driven ‘spray and pray’ attacks are escalating the frequency and sophistication of attempted credential theft, meaning it’s easier than ever for an attacker to obtain passwords for nefarious reasons,” Siegel said.

Individuals wondering how to create better passwords should follow these five tips:

  • Use at least 10 characters; the longer the password, the stronger it is.
  • If you’re going to use common words, insert a random character somewhere in the middle, like “Tige-rs” if you’re a Detroit baseball fan.
  • Use numbers and special characters, but avoid 1 and !, both of which are incredibly common.
  • Capitalize at random, not just at the beginning of a word.
  • Use a password manager so you can create random, super-complex passwords and never have to remember them.

Businesses shouldn’t put the onus solely on individuals, and should also do their part to enhance company password hygiene with these tips: 

  • Use automated password management tools that generate long, complex passwords and store them behind something more easily remembered.
  • Force password changes regularly, but not as often as you think: Once a year will do it unless an account has been compromised, at which point the password should be changed immediately.
  • Use multifactor authentication or single sign-on products and require users to use them.
  • Balance user needs with security needs: If password rules are cumbersome, people will find a convenient workaround that can compromise organizational security.
  • Train users on what makes a good password, how to store passwords safely, and other password safety policies and best practices.
