Researchers at SPECOPS Software analyzed more than 800 million compromised passwords to determine the popularity of Division I football programs and their team mascots and nicknames appearing on breached password lists.
The team of researchers looked at passwords of top football playing universities finding Georgia Tech, the University of Kansas, and the University of Florida each appear more than five million times on breached password lists. San Jose State University, New Mexico State University and the University of Nevada Las Vegas appeared the least.
SPECOPS 2021 Top 10:
- Georgia Tech (GT)
- University of Kansas (KU)
- University of Florida (UF)
- Virginia Tech University (VT)
- Arizona State University (ASU)
- University of Georgia (UGA)
- Old Dominion University (ODU)
- East Carolina University (ECU)
- University of North Carolina (UNC)
- University of Southern California (USC)
SPECOPS Top 10 Nicknames/Mascots:
- Utah Utes
- Florida Gators
- New Mexico Lobos
- Florida State Seminoles
- Akron Zips
- UCLA Bruins
- Oklahoma State Pokes
- Oklahoma Sooners
- Texas Longhorns
- Wisconsin Badgers
College football team names and mascots appear more than 77 million times on breached password lists, according to SPECOPS.
It’s unsurprising that so many people incorporate their favorite teams into their passwords. In today’s cyber security threat landscape, it’s essential that any use of college football team name or mascot be part of a much larger and complex password, if they are to be used at all.
Passwords are linked to 80% of breaches and poor password hygiene is an easy entry point for bad actors to exploit in cyber attacks.
Organizations should block weak passwords, create compliant password policies and target password entropy to enforce password length and complexity while blocking common character types at the beginning or end of passwords, as well as repeated characters.