March Madness brings out the sports fans in the United States like few other events. Old alma mater colors start to rotate into people’s wardrobes, and there’s always someone in the office chattering about filling out brackets. Some folks take their fandom a little too far though, and it could be that their association with their old school is putting them at risk for cybercrime.
This year, Keeper Security, Inc. got in on the madness and filled out a bracket of its own. Using data culled from the Dark Web by research company 4iQ, Keeper Security created a “Password Madness” bracket to highlight sports fans’ overuse of mascot names in their passwords.
Of the myriad mascot names, “Tiger,” along with variants such as “T1ger” or “t1g3r,” was the most common password found among the 28.7 million leaked passwords surveyed in the research. It appeared 187 percent more often than “Eagle” and its variants, and a whopping 850 percent more often than “Bluejay,” the least used mascot password.
Keeper Security CEO Darren Guccione states that “people often choose their passwords based on something they can easily remember, such as a mother’s maiden name, a family pet, or in this case, a school mascot … Since most people reuse the same password more than 80 percent of the time, this can compromise consumers’ banking, retail and social media accounts.”
Guccione also says that these kinds of passwords are the easiest for cybercriminals to guess or hack. Even cursory information about where you live and what school you went to could provide them with enough information to socially engineer a hack.
Keeper Security, a password management company, recommends shopping for a password manager and digital vault and also suggests following best practices. When choosing a password, avoid team names and focus instead on creating a “unique, high-strength password … contain[ing] at least eight random characters of upper and lower-case letters, numbers and symbols.” It’s also good practice to start using two-factor authentication and, if the device or account allows, some form of biometric authentication. Lastly, be sure to generate a unique password for each account, and stay away from standard keystroke combinations (qwerty, 123321, etc.).
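The following policy check is an added example, not code from Keeper Security or 4iQ. It shows why character-class rules alone do not catch variants such as “t1g3r”: the password is folded back to plain letters before it is compared against a mascot list. The list holds only the three mascots named above, and the substitution table is a constructed, non-exhaustive assumption.

```python
import re

# Mascots named in the article; a real deployment would load a fuller list.
MASCOTS = ("tiger", "eagle", "bluejay")
# Keystroke combinations named in the article.
KEY_PATTERNS = ("qwerty", "123321")
# Constructed table of common character substitutions (not exhaustive).
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}
# Each pattern is one character class the quoted advice asks for.
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def folded_variants(password):
    """Undo substitutions and strip non-letters; '1' may stand for 'i' or 'l'."""
    lowered = password.lower()
    variants = set()
    for one in ("i", "l"):
        table = str.maketrans({**LEET, "1": one})
        variants.add(re.sub(r"[^a-z]", "", lowered.translate(table)))
    return variants


def check_password(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing upper, lower, digit or symbol")
    variants = folded_variants(password)
    for mascot in MASCOTS:
        if any(mascot in v for v in variants):
            problems.append(f"contains mascot name '{mascot}'")
    lowered = password.lower()
    for pattern in KEY_PATTERNS:
        if pattern in lowered:
            problems.append(f"contains keystroke pattern '{pattern}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the leaked data set.
    for sample in ("t1g3r", "T1g3r!2024", "B1uejay#9", "Qwerty!2345", "x9#Lp2&vQz"):
        print(f"{sample!r}: {check_password(sample) or 'ok'}")
```

“T1g3r!2024” satisfies the length and character-class rules and is rejected only because of the folding step.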