Popular Marvel, DC Comics, and Star Wars Themed Passwords to Avoid

As I have been saying for years, passwords by themselves no longer represent a secure form of authentication. This is because passwords can be easily guessed, or cracked using automated techniques such as a dictionary attack or brute-force attack. There are also pre-cracked lists of passwords, called rainbow tables, available on both the light and dark web.

There are plenty of rainbow tables available for the most commonly used passwords, such as these “turkeys” from 2020. If you are using any sort of password-strengthening tool to prevent your user community from selecting these passwords, then here are a couple of lists to add to it.

Here are the top twenty passwords that use a Star Wars theme:

  1. yoda
  2. starwars
  3. ewok
  4. hansolo
  5. darthvader
  6. bobafett
  7. darthmaul
  8. grogu
  9. obiwankenobi
  10. lukeskywalker
  11. macewindu
  12. anewhope
  13. plokoon
  14. mandalorian
  15. princessleia
  16. kyloren
  17. kuiil
  18. iamyourfather
  19. quigonjinn
  20. rogueone

Marvel and DC Comics have certainly turned out a ton of movies featuring our favorite comic-book heroes. Unfortunately, these names are being used as passwords as well, and are easily guessed or cracked.

| Password | Category |
|---|---|
| Loki | Marvel |
| Thor | Marvel |
| Robin | DC |
| Joker | DC |
| Flash | DC |
| Batman | DC |
| Superman | DC |
| Vision | Marvel |
| Falcon | Marvel |
| Penguin | DC |
| Hulk | Marvel |
| Wanda | Marvel |
| Venom | Marvel |
| Spiderman | Marvel |
| Ironman | Marvel |
| Katana | DC |
| Hydra | Marvel |
| Wolverine | Marvel |
| Gambit | Marvel |
| Punisher | Marvel |
| Hawkeye | Marvel |
| Groot | Marvel |
| AntMan | Marvel |
| Deadpool | Marvel |
| Thanos | Marvel |
| Catwoman | DC |
| Magneto | Marvel |
| Riddler | DC |
| Cyclops | Marvel |
| Avengers | Marvel |
| Mystique | Marvel |
| WonderWoman | DC |
| Aquaman | DC |
| BlackWidow | Marvel |
| Gamora | Marvel |
| TwoFace | DC |
| Nightcrawler | Marvel |
| BlackPanther | Marvel |
| GreenLantern | DC |

As long as we continue to use passwords as at least one common authentication factor, preventing their use in your environment should be a priority.
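One way to apply these lists in a password filter, as an added example that is not from the original post: it rejects the listed words even when they are padded with digits or written with common character substitutions. The function names, the substitution tables, and the shortened list are assumptions for illustration.

```python
import re
import unicodedata

# Subset of the themed passwords listed in this post (constructed sample;
# load the complete lists in a real deployment).
BANNED = {
    "yoda", "starwars", "hansolo", "darthvader", "bobafett", "grogu",
    "iamyourfather", "loki", "thor", "batman", "superman", "spiderman",
    "ironman", "wonderwoman", "blackpanther", "greenlantern",
}

# Common character substitutions; "1" and "!" are tried as both "i" and "l".
LEET_I = str.maketrans("01!3457@$", "oiieastas")
LEET_L = str.maketrans("01!3457@$", "olleastas")


def _variants(candidate: str) -> set[str]:
    """Return the normalized forms a user might hide a banned word behind."""
    text = unicodedata.normalize("NFKC", candidate).casefold()
    # Form 1: the whole string. Form 2: leading/trailing digits and symbols
    # removed, which covers "Batman2021!" style padding.
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", text)
    forms = set()
    for base in (text, trimmed):
        for table in (LEET_I, LEET_L):
            # Undo substitutions, then drop separators such as "-" or "_".
            forms.add(re.sub(r"[^a-z]", "", base.translate(table)))
    forms.discard("")
    return forms


def is_banned(candidate: str, banned: set[str] = BANNED) -> bool:
    """True if any normalized form of the candidate is on the deny list."""
    return not _variants(candidate).isdisjoint(banned)
```

Matching is exact after normalization, so a word such as "author" is not rejected just because it contains "thor".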

The best solution to the inherent weakness of passwords is the use of a two-factor or multi-factor authenticator in combination with a password.  While this is not necessarily a perfect solution, it is way better than using a password alone.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
