As I have been saying for years, passwords by themselves no longer represent a secure form of authentication. This is because passwords can be easily guessed, or solved using automated password cracking techniques such as the Dictionary Attack or Brute Force Attack. There are also pre-cracked lists of passwords called Rainbow Tables available on both the light and dark web.
There are plenty of Rainbow Table available for the most commonly used passwords, such as these “turkeys” from 2020. If you are using any sort of password strengthening tool to prevent your user community from selecting these passwords, then here are a couple lists to add to them.
Here are the top twenty passwords that use a Star Wars theme:
Marvel and DC Comics have certainly turned out a ton of movies featuring our favorite comic-book heroes. Unfortunately, these are being used as password as well, and are easily guessed or cracked.
As long as we continue to use passwords as at least one common authentication factor, preventing their use in your environment should be a priority.
The best solution to the inherent weakness of passwords is the use of a two-factor or multi-factor authenticator in combination with a password. While this is not necessarily a perfect solution, it is way better than using a password alone.
- Specops Super Hero Passwords
- Specops Star Wars Passwords
- Thanksgiving Turkey Award – Worst Passwords of 2020
- Most Popular Passwords and PINs for 2019
- Sunday Funnies – Worst Passwords of 2018
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com