Specops Software Reveals the Most Commonly Leaked Christmas Related Passwords


Specops Software has analysed over 800 million
passwords in its Breached Password Database and has revealed the
most leaked Christmas related passwords that are currently being
unsafely used by millions of people.

The most commonly leaked Christmas passwords are:

  1. Star
  2. Angel
  3. God
  4. Elf
  5. Jesus
  6. Snow
  7. Carol
  8. Noel
  9. Santa
  10. Chocolate
  11. Gift
  12. Bells
  13. December
  14. Xmas
  15. Jolly

Darren James, Product Specialist with Specops
Software, said: “With the winter holidays right around the
corner, we asked our research team to dig into which holidays are
most popular,we analysed over 800 million
breached passwords
to find out.

“The reason people choose holiday-related terms when creating
their passwords is because they struggle to make a password that is
both secure and memorable. This results in weak passwords that
follow predictable patterns and are reused between different
services. These passwords are easy to guess and commonly appear in
lists of breached passwords.

“This data, while fun, will come as no surprise to the IT
admins we talk to. They’re often aware that the passwords their
employees are using are common or weak, but it can be hard to
measure it. If you’re looking to quantify the weak or leaked
password problem in your environment, I’d recommend running a
scan with our free Password Auditor.”

The compromised password problem can be an expensive one. IBM
recently reported the global average cost of a data breach in 2020
to be $3.86 million.

Here are some of Specops Software’s tips for creating a strong

  1. #thinkrandom

Three random words, also known as
is an initiative from the NCSC to educate the
general public on how to choose secure passwords that are still
easy to remember. The initiative was introduced to undo years of
security advice that told people to combine different character
types when creating passwords. Research has since found that
character complexity requirements failed to achieve what it set out
to do – make passwords harder to crack.

  1. Don’t use easy to guess passwords

The three random words initiative is designed to address
billions of weak passwords that are easy to guess. This means that
even without sophisticated password cracking techniques, hackers
can come up with likely passwords to try on different accounts,
either in a credential stuffing attack or in a targeted attack
against an individual. Easy-to-guess passwords with multiple
character types include ‘Liverpool#1’, ‘Pa$$word7’,
‘Spring2020!’. Examples of three random words passwords
provided by the NCSC include: ‘coffeetrainfish’ and

  1. Make your password long enough

When it comes to making strong passwords, the single most
important factor is the length of the password. As long as a
password isn’t easily guessable by other means (e.g. use of
common words, username, repeating characters) length is your best
friend for mitigating brute force attacks.

The post
Specops Software Reveals the Most Commonly Leaked Christmas Related
appeared first on The Fintech Times.