Heads up, if you’re currently using a superhero as a source of inspiration for your passwords you might want to change it to something more secure. A report published by the Mozilla Foundation found that too many internet users have been using superhero names as passwords—and hackers are aware of it.
Superman is the most popular superhero-themed breached password. The superhero name has been used 368,397 times, followed by Batman—which was used 226,327 times. Spiderman, Wonder Woman, Wolverine and Iron Man followed behind them as other most-used superhero names as passwords.
But if you think you’re safe as someone who uses a superhero’s real identity, you’re sadly incorrect. The name James Howlett or Logan, AKA Wolverine, has been used 30,479 times as passwords—and it outshone other real identity names like Clark Kent, Bruce Wayne, and Peter Parker by miles. However, these type of passwords are also pretty popular.
According to the Mozilla Foundation, they just searched up the superhero names manually using Haveibeenpwned.com. You can even try looking up your own passwords on there to check how often they’re used.
Besides superhero names, you should also avoid using any first names, date of births, or the combinations “123456” and “azerty”. Those are most commonly used passwords in the world and, therefore, popular with hackers.
Previously, Mozilla also posted that Disney Princess names should also be avoided. The most popular Disney Princess name was Jasmine, which was used 192,023 times as passwords.
For a safer experience, here’s a reminder that the more complex a password is—like mixing numbers, letters and symbols—the more difficult it will be to crack. You should avoid reusing same passwords for different services and you can manage your logins with password managers such as 1Password or Bitwarden. The services generate random passwords for all of your accounts, and they will also let you know if your passwords have been compromised.