Superheroes may be able to save everyone in a fantasy world, but they can’t keep online accounts secure in the digital era, Mozilla warns.
With hundreds of thousands of occurrences in breach datasets, superhero passwords aren’t a strong account protection method, even when the real identities of superheroes are used instead.
Data from breach notification website haveibeenpwned.com reveals that thousands of users choose to protect their online accounts with superhero names, thus weakening their protection.
With more than 328,000 occurrences in breach datasets, Superman is the most commonly used superhero password, followed by Batman (more than 226,000 occurrences) and Spider-Man (slightly over 160,000 occurrences).
Wolverine, Ironman, Wonder Woman, and Daredevil are also popular, each appearing tens of thousands of times in datasets.
The real identities of superheroes are also poor choices for passwords. James Howlett/Logan was seen more than 30,000 times in datasets and Clark Kent, Bruce Wayne, Peter Parker and Tony Stark had thousands of occurrences each as well.
If such passwords are used within enterprise environments, they could expose the entire organization to attacks. In fact, even the compromise of a personal account may lead to the gathering of information that, when leveraged in phishing, could help a malicious actor breach an organization.
With Cybersecurity Awareness Month underway, Mozilla decided to raise awareness of the importance of using strong passwords to secure online accounts, and added a password manager to Firefox for Android.
“Passwords are one of the easily compromised components within a company. To mitigate risk, enterprises should either establish a tight password policy or switch to a passwordless model. The latter will be far more efficient,” Mohit Tiwari, co-founder and CEO at Data Store and Object Security (DSOS) provider Symmetry Systems, said.
To ensure additional protection, users should enable two-factor authentication on all accounts that support the feature, and should also use monitoring services that alert them when their accounts appear in data breaches. Using an encrypted connection, such as a Virtual Private Network (VPN), also improves security.
“Users have failed to maintain proper passwords for decades. That will never change. Therefore, innovation must build an easy to use alternative that provides appropriate security with a better user experience. Enterprises have to find the right balance of technology innovation alongside security for traditional models,” Tyler Shields, CMO at cyber asset management and governance solutions provider JupiterOne, told SecurityWeek.
“Passwords are the most misused line of defense in cyber security today. Words are only better than randomized passwords because they can be easily remembered, instead of being written down. In trade off, the password itself is simplified and easier to guess. My recommendation would be to eliminate passwords completely. However, if you must use a password, make sure to use a password manager and incorporate very complex, difficult to guess, randomly generated passwords via those tools,” Shields continued.
