Your child’s name makes a horrible password

What’s in a name? A lot. It’s the first piece of information that identifies a person — from their first name given at birth to their last name which connects them to their family lineage. Even a fictional name like Clark Kent says a lot. Not surprisingly a lot of people use the name of their favorite superhero as passwords, which made us wonder: Do people still use their names or the names of their nearest and dearest as passwords? The unfortunate answer: Yes, they do. This year, in recognition of Safer Internet Day, we explore how common this is and why it is not a good idea.

Before we share the most used names as passwords, let’s talk about why your password matters. When setting up a password, it’s easy to default to something memorable like your birth date or name. You might use that same password for other online accounts, like your banking, credit card or other services that might have sensitive and personal information about you. The risk you face when using personal information as a password multiple times is that it can fall in the wrong hands through a data breach.  

Last year, there were more than 1,774 data breaches reported by the Identify Theft Resource Center. Data breaches happen for a variety of reasons. It could be hackers who want access to people’s information, financial gain or simply for fun. How do you safeguard your information when data breaches happen? Meet Firefox Monitor, a product that lets you know if your email address and passwords have been in a data breach. It leverages the Have I Been Pwned? database, which shares lists of known passwords used in data breaches. It also has a tool that lets you look up passwords that have been compromised in data breaches. 

Already, we’re seeing parenting community sites predict and share the top baby names of 2023. So we wanted to see how those names fare when they’re used as passwords. To give you a hint, we’ll say it again: Names, including your children’s, make horrible passwords.

Popular names used as passwords appear in data breaches…a lot

BabyCenter.com, a community site for parents, released its list of top names for 2023. For females, three of the most popular names commonly found in passwords include “isabella” (141,731 times used as a password), “abigail” (94,834 times used as a password) and “selena” (61,112 times used as a password). The male names included “joshua” (388,793 times used as a password), “oliver” (259,274 times used as a password) and “august” (135,258 times used as a password).

So, have we convinced you that using your child’s name as a password is a terrible idea? It’s not just your child’s name but it could be your name, your mother or father’s name, too. We took a look at the top first names from the last 100 years (listed here on the Social Security Number site) to see how many times they’ve been used as a password in a data breach. The most popular female names include “jessica” (492,196 times used as a password), “jennifer” (380,112 times used as a password) and “patricia” (178,581 times used as a password). The top male names found in data breaches include “michael” (651,846 times used as a password), “robert” (362,548 times used as a password) and “william” (330,750 times used as a password).

Even hipster and “unique” names shouldn’t be used as passwords

Nameberry.com recently released a list of popular hipster baby names, spanning from vintage to nature-inspired. The hipster vintage names include old favorites that could be names of your child or your great grandmother (what is old is new again!). We looked at the list of female names to see how many times a name has been used as a password in a data breach and found that “florence” (87,298 times used as a password), “minerva” (25,631 times used as a password) and “betty” (21,811 times used as a password) were the top female names used in breached passwords. For males, it was “casper” (183,879 times used as a password), “chester” (182,768 times used as a password) and “stanley” (80,476 times used as a password). 

Hipster nature names didn’t fare well either. Under this category, the female names most overused as passwords include “pepper” (295,778 times used as a password), “soleil” (145,721 times used as a password), “cricket” (110,732 times used as a password) and “andromeda” (52,784 times used as a password). The male names most overused as passwords include “mercury” (83,966 times used as a password), “canyon” (42,125 times used as a password) and “wolf” (21,993 times used as a password). Even if you think you have a unique name, it doesn’t mean that it is OK to use as a password.

We’re not telling you to avoid these names altogether. Just don’t use them as passwords! Your children’s names are their personal information, so take care in how you share them online. Here’s what you can do to keep your family’s personal information safe: 

  • Use a password generator to create a password –  When you visit a site and are asked to create an account and password, Mozilla’s Firefox browser has a password generator that will recommend a secure and strong password that includes a random combination of numbers, letters and symbols.
  • Keep your passwords safe with a password manager – Stop writing your passwords on a piece of paper or a notebook, and use a password manager. There are services that will store your passwords for you online so that the next time you visit a site your password will instantly pop up in the field for you. 
  • Protect your email address  – Firefox Relay is a product that hides your true email address to help protect your identity. It has blocked more than 1.3 million unwanted emails from people’s inboxes while keeping true email addresses from trackers across the web. Sign up here.
  • Know when your password is breached with Firefox Monitor – Learn about hacks and breaches by signing up with Firefox Monitor. You’ll get alerts delivered to your email whenever there’s been a data breach or if your accounts have been hacked.

As we think about how to make the internet a better place, it’s taking those first baby steps to make changes that will help you safely navigate the web. If you’d like to do more to create better online habits and routines, try our Mozilla tech challenge. We’ll give you simple tasks that you can complete each week for four weeks so you can better enjoy what the internet has to offer. 


How did we get these numbers? We looked these up in haveipbeenpwned.com. We couldn’t access any data files, browse lists of passwords or link passwords to logins — that info is inaccessible and kept secure — but we could look up random passwords manually. Current numbers on the site may be higher than at time of publication as new datasets are added to HIBP. Alas, data breaches keep happening. There’s no time like the present to make sure you have strong passwords.


Share on Twitter