Categories: Firefox

Princesses make terrible passwords

When the Disney+ streaming service rolled out, millions of people flocked to set up accounts. And within a week, thousands of poor unfortunate souls reported that their Disney passwords were hacked. According to media reports, some Disney+ account holders have lost their account access while hackers have sold their logins online.

BBC News: Disney+ fans without answers after thousands hacked

USA Today: Did Disney+ get hacked?

Fortune: Disney+ Might Have a Notable Hacker Problem (Already)

ZDNet: Thousands of hacked Disney+ accounts are already for sale on hacking forums

How the Disney+ account situation happened isn’t totally clear. Disney says that its system is secure and has not been breached. That does point to one unfortunately well-worn possibility: weak, reused passwords.

If you used the same password for an account that was previously breached as you did for your Disney+ password, a bad actor could gain access. Furthermore, hackers with stolen datasets at their fingertips could easily filter on key terms to find the Disney fans. Just look how many times the 12 Disney princesses showed up in breached datasets, according to haveibeenpwned.com:

Then there are these terms that a dedicated Disney fan might choose in a moment of weakness:

Friends, it’s a whole new world out there. Data breaches happen, with data files swapped and sold in the dark corners of the web. No one knows how far it goes. That’s why good password habits are more important than ever, and you can’t let it go. Picking unique passwords for each account is one of the the bare necessities of online life. It’s OK to admit that you need help, because when it comes to remembering passwords, who among us can snap our fingers and say “remember me.”

Firefox Lockwise gets you almost there.

When setting up accounts, Lockwise can help you select something complex and unique that you never would have thought of on your own. Then you can save that tricky password straight into your browser and use it directly from the app, secured behind a master password or fingerprint login protected in the most delightful way for when you need it.

We can’t guarantee that various services and platforms you use won’t ever be compromised, but we can help you create complex unique passwords to minimize your exposure should it occur. And with Firefox Monitor, we can alert you when breaches happen.

Ready to try Firefox Lockwise? Set up your Firefox account and be our guest.


How did we get these numbers? Since we don’t have a crystal ball, we looked them up in haveipbeenpwned.com. We couldn’t access any data files, browse lists of passwords or link passwords to logins — that info is inaccessible and kept secure — but we could look up random passwords manually. Current numbers on the site may be higher than at time of publication as new datasets are added to HIBP. Alas, data breaches keep happening. There’s no time like the present to make sure all your passwords are as strong and unique as you are, princess.

See what other passwords aren’t your friends.

 


Also published on Medium.