You've got to stop using your favorite superhero as a password - here's why

News
By
published

Ironman is a strong comic book character, but a terrible password

The Avengers
(Image credit: Disney/Marvel Studios)

Batman may have top-notch security in his Batcave, but that doesn’t mean you should take inspiration for your passwords.

As a matter of fact, using superhero names as passwords is a common occurrence, making for low-hanging fruit for criminals looking to brute-force their way into online accounts and business networks.

Cybersecurity firm Specops Software recently analyzed more than 800 million breached passwords, looking for those that include the names of Marvel or DC superheroes.

The company found that Loki was the most popular choice, appearing more than 151,000 times, while his brother Thor was used almost 148,000 times. DC characters are also well-represented, with Batman's sidekick Robin featuring in 127,000 breached passwords.

In total, more than 1.1 million breached passwords included mention popular Marvel and DC characters.

Weak passwords

Although no one wants their personal accounts compromised by cybercriminals, businesses have even more to lose as a result of this worrying trend.

For small and medium-sized businesses, poor password hygiene is one of the weakest links in the cybersecurity chain, the report adds. Many high-profile attacks, including the recent Colonial Pipeline incident, start with compromised credentials. 

In order to stay safe, SMBs should focus on robust password policies. There are many measures organizations can take, such as requiring employees to create complex passwords or preventing them from using names of partners, important dates, home addresses and other easily obtainable data.

Businesses should also require employees to create a new password every few months, and make sure they don’t just change the last character when they do. And finally, two-factor authentication should always be enabled where possible, providing an additional layer of protection.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
password manager
I'm a security expert - here are my biggest tips for creating a secure password for work and home life to stay safe online
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
A screenshot of the front cover for the Guardians of the Galaxy 3 DVD
The best superhero movies: 28 great comic book films to watch in March 2025
Man screaming at computer with TechRadar data privacy week logo next to it.
I almost lost my entire online identity – until one tool made all the difference
Young woman working at a coffee shop with a laptop
Too many passwords, not enough brain space? Here’s how password managers can improve your life
A hand laying out a password
Security attacks on password managers have soared
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
iPad Air M3
Apple makes one hardware change to the iPad Air that might be the best indicator of its true lightweight tablet intentions
Shure MoveMic 88+ lifestyle image
Shure's tiny MoveMic 88+ gives creators a cheap and easy way to record crystal clear audio on a smartphone
An operator fires a saw blade from a weapon
Call of Duty: Black Ops 6 Season 3 gets two-week delay, will now release in April
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Google Pixel 9 Pro

Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
See more latest
Most Popular
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Copilot on a laptop
Microsoft quietly updates Copilot to cut down on unauthorized Windows activations
Shure MoveMic 88+ lifestyle image
Shure's tiny MoveMic 88+ gives creators a cheap and easy way to record crystal clear audio on a smartphone
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
Vado SL 2
Specialized says calling its new Vado SL 2 Alloy an e-bike is still an insult – here's why
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Next-Gen Google TV
Google TV's Gemini Live support and other updates seemingly confirmed by new user survey – here's what to expect
iPad Air M3
Apple makes one hardware change to the iPad Air that might be the best indicator of its true lightweight tablet intentions
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks