Blocked! How to Be Smarter About Password Management

August 30, 2021

The UEFA European Football Championship over the summer brought on a flurry of soccer-related activity online among Euros fans. Social media feeds were filled with competitive banter, comments, predictions, and reactions, and the tournament pressed on, taking over news feeds. One of the other digital trends that emerged during this time was the rise in soccer (football) themed passwords.
It sounds harmless enough, but the problem is that when passwords become popular, they become easy targets for hackers. According to Threatpost, the password “football” shows up “353,993 times in the database of 1 billion unique, clear-text, breached passwords maintained by authentication firm Authlogics.” And that’s just the most obvious. Here are some of the other passwords they found: 

Top 5 football terms    Number of occurrences
Football                353,993
Liverpool               215,842
Chelsea                 172,727
Arsenal                 151,936
Barcelona               131,090
Total                   1,136,155

 
In this case, hackers use a dictionary attack, in which they try to guess passwords by running through thousands of words taken from sources like Wikipedia’s databases or the Project Gutenberg free eBook collection. When lots of passwords cluster around one theme, such as soccer, the hacker’s job gets much easier.
So what can people do? The simple solution is to avoid spelling out any common words in a password — especially popular ones. Use various obscure passwords and passphrases that you save in a secure password manager. Check out this Ultimate Password Management Guide for tips.
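
A defender-side screen for the advice above, as an added example (not code from the original article or from Threatpost): it rejects a new password that still contains a popular word once case changes, appended digits and common character swaps are undone. The blocklist is seeded with the five terms from the table; the substitution map and the function names are assumptions made for illustration.

```python
import re
from typing import Optional

# Seeded with the five terms from the table above. A production screen would
# load a far larger breached-password list (assumption; none is bundled here).
BLOCKED_WORDS = ["football", "liverpool", "chelsea", "arsenal", "barcelona"]

# Fold common look-alike characters onto one letter. "i" is folded onto "l"
# as well, so "1", "!" and "|" match whichever of the two the word uses.
_FOLD = str.maketrans({
    "0": "o", "3": "e", "4": "a", "@": "a", "5": "s", "$": "s",
    "7": "t", "1": "l", "!": "l", "|": "l", "i": "l",
})


def skeleton(text: str) -> str:
    """Lower-case, undo character swaps, then drop everything but letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(_FOLD))


def find_blocked_word(password: str) -> Optional[str]:
    """Return the blocked word hidden in the password, or None if clean."""
    candidate = skeleton(password)
    for word in BLOCKED_WORDS:
        if skeleton(word) in candidate:
            return word
    return None


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach data.
    for sample in ["Football2021!", "L1verp00l", "Ch3ls3a#99", "tq7#Vw9zKp2x"]:
        hit = find_blocked_word(sample)
        print(f"{sample!r}: {'reject, contains ' + hit if hit else 'accept'}")
```
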
Threatpost also recommends:

    Replace the password with a pattern. As opposed to using a word, which is easily recognizable and easily stolen, use a code or pattern formed out of letters or numbers which is unique to you.

    Use a variety of different symbols: A combination of letters (some upper case and some lower), numbers and symbols…This is particularly important if you are insistent on having your favorite football team in your password.

    Try your absolute best to not reuse passwords. While this might mean you need to remember more passwords (or use a password manager) it goes a long way to limiting the damage should one of your accounts become breached.

Learn more about dictionary attacks and password safety in the Threatpost article here.