Division 1 College Football Teams and Mascots Keep Showing Up on Breached Password Lists

The Rambling Wreck of Georgia Tech may not have earned a single vote in the AP’s preseason college football Top 25 rankings, but when it comes to appearing on breached password lists, the prestigious university ranks #1.  

In conjunction with the kickoff of the college football season, our researchers analyzed more than 800 million compromised passwords (a subset of our larger list included with Specops Breached Password Protection of over 4 billion passwords) to determine the popularity of Division 1 FBS football programs, and their team mascots and nicknames, appearing on breached password lists.  

In total, our researchers looked at passwords related to top football playing universities, finding that Georgia Tech or (GT), the University of Kansas or (KU) and the University of Florida or (UF) each appear more than 5 million times on breached password lists, while San Jose State University (SJSU), New Mexico State University (NMSU) and the University of Nevada Las Vegas (UNLV) appear the least.  

2022 weak password report image
Password attacks are on the rise. The newest Weak Password Report has insights into just how vulnerable passwords truly are.

The complete 2021 Specops Preseason Top 25 

  1. Georgia Tech (GT) 
  1. University of Kansas (KU) 
  1. University of Florida (UF) 
  1. Virginia Tech University (VT) 
  1. Arizona State University (ASU) 
  1. University of Georgia (UGA) 
  1. Old Dominion University (ODU) 
  1. East Carolina University (ECU) 
  1. University of North Carolina (UNC) 
  1. University of Southern California (USC) 
  1. Southern Methodist University (SMU) 
  1. University of Alabama – Birmingham (UAB) 
  1. Louisiana State University (LSU) 
  1. Florida Atlantic University (FAU) 
  1. Brigham Young University (BYU) 
  1. University of South Florida (USF) 
  1. Penn State University (PSU) 
  1. Texas Christian University (TCU) 
  1. Florida State University (FSU) 
  1. Florida International University (FIU) 
  1. Texas A&M University (TAMU) 
  1. University of Texas – San Antonio (UTSA) 
  1. University of Central Florida (UCF) 
  1. University of Texas – El Paso (UTEP) 
  1. University of California Los Angeles (UCLA) 

Additionally, our researchers also looked at popular college football nicknames and mascots appearing on breached password lists. For the purposes of this research, we excluded any nickname used by more than one university or by a professional sports team(s). Exclusions include ‘Bulldogs’, ‘Cowboys’ and ‘Tigers’, among a few others.  

Top 10 Nicknames/Mascots  

  1. Utah Utes 
  2. Florida Gators 
  3. New Mexico Lobos 
  4. Florida State Seminoles 
  5. Akron Zips 
  6. UCLA Bruins 
  7. Oklahoma State Pokes 
  8. Oklahoma Sooners 
  9. Texas Longhorns 
  10. Wisconsin Badgers 

In total, college football team names and mascots appear more than 77 million times on breached password lists.  

Tackling password security risks 

College football fans are incredibly passionate about their schools, particularly those in the  

SEC and Big12 country, so it’s completely unsurprising that so many people incorporate their favorite teams into their passwords. However, in today’s cybersecurity threat landscape, it’s essential that any use of a college football team name or mascot be part of a much larger and complex password, if they are to be used at all.  

Presently, poor password hygiene continues to put both people and businesses at unprecedented risk. Today, passwords are linked to 80% of breaches, and poor password hygiene is an easy entry point for bad actors to exploit in cyberattacks.  

In response to the increase in social engineering and brute force attacks, organizations should at the very least block weak passwords, create compliant password policies and target password entropy to enforce password length and complexity while blocking common character types at the beginning/end of passwords, as well as consecutively repeated characters.  

Don’t let a password breach disrupt your ability to root for and enjoy the upcoming college football season. Find out if breached passwords like these are being used in your organization’s Active Directory environment with a free read-only scan by Specops Password Auditor.  

(Last updated on September 27, 2024)

Back to Blog

Related Articles

  • Keeping Football on the Pitch and Out of Passwords this World Cup

    The Messi versus Ronaldo debate returns, but this time it’s not about who is the best footballer but about which name has appeared the most within Specops’ Breached Password Protection list. With the FIFA 2022 World Cup in Qatar kicking off we’ve continued the theme of analyzing over 800 million compromised passwords (a subset of…

    Read More
  • The Most Common Football Team Names Found in Breached Passwords

    STOCKHOLM – If the Superbowl winner could be predicted by breached password lists, the Los Angeles Rams would be this season’s winner. Today, Specops Software released an update to the Breached Password Protection list and of a recent analysis of sports-related compromised passwords.   “With the NFL season beginning in the United States, our research team analyzed over 900 million known breached passwords to find out which teams were…

    Read More
  • Premier League Clubs May Want to Be Relegated from This Breached Password List

    Chelsea, one of England’s most successful football clubs, can add another trophy to their record today, as they rank in first place on Specops’ breached password list.   This is according to our new research, ahead of the start of the Premier League 2021 season, which analyzed more than 800 million compromised passwords (a subset of our larger list included with Specops Breached…

    Read More