Mozilla warns that hero names such as 'Spider-Man' and 'Batman' should be stopped as passwords



Passwords for using various web services and SNS are as important as 'house keys', and passwords that can be guessed by someone should be avoided. However, there are many people in the world who use the name of a superhero such as 'Superman' or 'Batman' as a password, and 'If you use the name of a superhero as a password, it is a weak point online. It could be, 'warns

Mozilla, which develops Firefox for the web browser.

Superhero passwords may be your kryptonite wherever you go online
https://blog.mozilla.org/en/mozilla/news/superhero-passwords-may-be-your-kryptonite-wherever-you-go-online/

Even if you know that passwords are preferable to be difficult for others to guess, setting a complicated password can be a hassle, and many people set passwords that are easy for them to remember. Many American superheroes also use it as a 'password that is easy to remember', and it is registered in the personal information leakage check site 'Have I Been Pwned?' 'Password leaked in 2021' The following is what Mozilla extracted by paying attention to the name of the hero.



'Superman (

Superman )' is 368,397 cases, 'Batman ( Batman )' is 226,327 cases, 'Spider-Man ( Spider-Man )' is 160,030 items.



'Wolverine (

Wolverine )' is 53,745 cases, 'Ironman ( Iron Man )' is 44,175 cases, 'Wonder Woman ( Wonder Woman )' is 21,756 items.



'Daredevil (

Daredevil )' Wonder Woman Like the 21,756 cases, 'Thor ( saw )' is 7133 cases, 'Black Widow ( Black Widow )' is 4507 cases, also 'Black Panther ( Black Panther )' is 4507 cases, 'Captain America ( Captain America )' was the 689.



Also, it seems that 'hero's identity' is often set as a password. Looking at the graph below, among the passwords leaked in 2021, Wolverine's real name 'James Howlett' and the so-called 'Logan' at the time of memory loss were 30,479, Superman The earth name 'Clark Kent' is 4919 cases, Batman's real name 'Bruce Wayne' is 2267 cases, Spider-Man's real name 'Peter Parker' is 2178 cases You can see that there was also.



As a way to keep the password secure, Mozilla avoids easy-to-guess things such as the name of the superhero, and when entering, synchronizes the 'function to save the password in the browser' installed in Firefox etc. and the password saved in the browser We recommend using 'Firefox Lockwise ', which allows you to log in on Android and iOS apps.

In addition, Mozilla also published a blog in November 2019 stating that 'passwords should not be named princesses', and some accounts that were damaged by the leak set the name of Disney princess as a password. I was reporting that there were many accounts that I did.

Princesses make terrible passwords for Disney + --The Mozilla Blog
https://blog.mozilla.org/en/internet-culture/deep-dives/disney-password/



in Security, Posted by log1h_ik