Football Fever Puts Password Security at Risk

Security experts have urged users to think more carefully about their password choice after spotting as many as one million based on simple football-related words.

Authentication firm Authlogics manages a Password Breach Database, a collection of previously stolen or cracked credentials that allows it to spot trends and offer industry advice.

It claimed that of the one billion passwords in the trove, over 1.1 million are linked to the beautiful game. These are led by the password “football” (353,993), followed by “Liverpool” (215,842), “Chelsea” (172,727), “Arsenal” (151,936) and “Barcelona” (131,090).

The problem for these users is two-fold: not only are such credentials relatively easy to guess or crack, but if they’re reused across multiple accounts, including corporate ones, it could expose them to credential stuffing.

This is the practice of using automated software to try large numbers of previously breached log-ins simultaneously across multiple accounts, hoping that some will work.

Authlogics cited Google research which claims that over half (52%) of users reuse the same password on multiple accounts, with only a third (35%) using a different credential for all log-ins.

“If your password has been breached on one account, and you are one of the 52% of people who reuse their passwords regularly, you might find other accounts which were not breached also compromised,” Authlogics warned.

“If someone is aware of the amount of passwords that are associated with football, and is able to use social engineering tactics to discover which team an individual supports, they can make a good, educated guess as to their password to not just one, but multiple accounts.”

Password managers can help here by storing and recalling unique and robust credentials for each website and online account. Multi-factor authentication (MFA) is also recommended to bolster authentication security.

Authlogics recommended combining letters, numbers and symbols to increase password strength — even if football-mad users want to include their favorite team in their log-ins.
