Here’s why pop culture and passwords don’t mix
Were they on a break or not?! For nearly a decade, Ross and Rachel’s on-screen relationship was a point of contention for millions of viewers around the world. It’s no surprise to learn that years after the series finale, they are not only TV’s most beloved characters, but their names are popular account passwords, too. That’s right. More than thousands of internet users love Rachel, Monica, Joey, Chandler, Ross and Phoebe enough to use their names as passwords.
Wondering about trends, we turned to haveibeenpwned (HIBP) — the website that aggregates data from known breaches — for pop culture favorites. (Firefox Monitor draws from HIBP to help people learn if they’ve been caught up in a data breach and take steps to protect themselves.)
We couldn’t access any data files, browse lists of passwords or link passwords to logins — that info is inaccessible and kept secure — but we could look up random bad passwords manually on HIBP. It turns out, quite a lot of sitcom and sports fans are using pop culture passwords for their accounts. These bad passwords are not only weak, they have also been breached. Here’s what we spotted.
No soup for these friendly passwords
A sage man once said, “Remember Jerry, it’s not a lie if you believe it.” Well, no matter how much you believe your password is secure, if you’re using a sitcom character, it definitely isn’t. Unfortunately, that didn’t stop more than 230,000 people from using George as their bad passwords. Topping the Friends list, more than 130,000 internet users love Rachel enough to use her name as a bad password.
Meanwhile Ross is at the bottom of the group with 6,643. The fact that a simple, four-letter password is being used by so many breached accounts is uglier than naked guy. If this sounds like you, maybe it’s time to update your password to something more complex like FestivusfortheRestofUs!12181997, as it’s been breached zero times.
Sports and passwords make a weak combination
Sports fans are arguably the most passionate in the world. It’s easy to see why fans love incorporating their favorite sports into their passwords, but unfortunately they’re on the losing team when it comes to security. If you’re using these bad passwords, it’s time for a substitution.
The United States of hackable passwords
State pride is a real thing. From food to music to scenery, we all think our state is the best. Or wildest. (Looking at you Florida.) But these predictable, bad passwords border on being to the worst.
What’s wrong with these passwords?
All of these bad passwords are much too basic and can be easily guessed. Not only that, if you’re the kind of person who uses george, newyork or football for your password, you might be the kind of person who has also reused it. That’s especially bad news since all of these passwords were part of known data breaches.
Here’s how to improve your password game
Stop reusing passwords
We can’t state this enough: don’t reuse or recycle passwords. Once someone has your password, they can try to use it on multiple sites. Sorry friends, but adding a 1 or ! to your password doesn’t make it more secure. If your banking password is the same as your email password and the same as your Amazon password, a single vulnerability in one site puts them all at risk. Are you reading this Equifax?
Get a password manager
If you have Forgot password on speed-click, a password manager is your new best friend. A good one keeps track of all of your passwords and generates new passwords so you can keep them strong. Hooray! It should rely on end-to-end encryption, which is code for scrambling your information so that nobody — including the company that makes the password manager — knows what’s inside.
Complicate your #@*Njub&*6! passwords
If you need fresh password inspiration or don’t have a password manager, you can use this password creation guide from Mozilla. Pro tip: Lockwise also suggests complex passwords when you create a new login within Firefox.
Monitor your accounts
Back in the day you could get away with adding numbers to make your password unique enough but like your credit score, you have to monitor it regularly to make sure it’s secure. Keep an eye on your accounts by signing up for Firefox Monitor to get alerted to data breaches. Do that, and you’re already ahead of the pack.
How did we get these numbers? We looked them up in haveipbeenpwned.com. For the sitcom and state lists, we looked up the terms with all lowercase and first letter uppercase. For the sport list, we looked up all lowercase. Current numbers on the site may be higher than at time of publication as new datasets are added to HIBP because sadly, data breaches continue to occur.