Houston, We Have a Password Problem: How Global Events Drive Weak Credentials
Major global events don’t just capture attention, they influence behavior, including how users create passwords. This behavior is not new. Major sporting events like the FIFA World Cup and seasonal celebrations such as Valentine’s Day and Christmas consistently drive the use of predictable, theme-based passwords. While these choices may feel memorable, they are also highly guessable and widely reused.
Following the Artemis II lunar flyby, which reached record-breaking distances from Earth, our researchers decided to see how much this latest space expedition influenced password behavior. To do this, we analyzed 802 million records from recent data breaches for space-themed passwords and those related to Artemis II.
The most popular aerospace-themed terms
| Term | Occurrences |
|---|---|
| sol | 1,179,238 |
| moon | 281,218 |
| luna | 200,054 |
| nasa | 174,446 |
| eagle | 117,483 |
| erid | 103,896 |
| sls | 103,029 |
| miller | 98,162 |
| rocky | 95,903 |
| borg | 75,076 |
| kirk | 63,677 |
| orion | 37,720 |
| apollo | 24,859 |
| orbit | 19,789 |
| holden | 18,508 |
| ceres | 11,348 |
| enterprise | 10,957 |
| reynolds | 10,405 |
| firefly | 9,182 |
| artemis | 8,999 |
| stargate | 8,536 |
| armstrong | 8,365 |
| picard | 6,025 |
| atlantis | 5,957 |
| oxygen | 5,539 |
What the data tells us
While this dataset does not identify a direct link to the Artemis II mission, it reinforces a consistent pattern: users anchor passwords to familiar and culturally relevant terms. The distribution is heavily skewed toward a small number of generic words, with “sol” appearing over 1.1 million times, far exceeding more specific references. In high concentration, generic terms like these make it much easier for attackers to carry out effective large-scale password spraying attacks. The likelihood that these terms have been reused across multiple accounts is quite high, making them a double threat.
At the same time, the data reveals a long tail of more specific references, including “apollo,” “orion,” “kirk,” and “picard.” These terms often cluster around themes such as NASA missions or science fiction franchises, enabling attackers to build targeted, context-driven wordlists rather than relying on random guesses. This is where risk increases. Attackers routinely use publicly available information to refine these wordlists. If a user’s online presence reflects specific interests, such as space exploration or science fiction, attackers can significantly narrow their guessing strategy. Instead of attempting millions of combinations, they can focus on a smaller, more relevant set of terms that are statistically more likely to succeed.
Once a term appears frequently in breached datasets, it is quickly incorporated into attacker tooling and reused at scale. A password like “Armstr0ng123@” may meet complexity requirements, but it is still derived from a predictable base word. From there, variation is trivial and easily automated. Attackers can generate millions of permutations from a single base term in seconds, making these passwords far less secure than they appear.
3 steps to reduce the risk of compromised passwords
The consistency across this and previous datasets highlights a simple reality: user behavior is predictable. Security controls need to account for that predictability, rather than assume better choices.
1. Get visibility over your password risk
Before improving password security, you need to understand your current exposure. In most environments, compromised and weak passwords already exist within Active Directory, often unnoticed.
An effective audit should answer:
- Are compromised passwords currently in use?
- Are there duplicate, expired, or blank passwords?
- Are privileged accounts adequately protected?
- Are inactive or stale accounts introducing risk?
Specops Password Auditor provides a read-only way to surface these risks and establish a baseline. This allows security teams to prioritize remediation where it will have the greatest impact, rather than relying on assumptions.
2. Encourage password length without increasing friction
Length remains one of the most effective indicators of password strength, but enforcement often fails when it creates unnecessary friction. Passphrases built from multiple, unrelated words are significantly more resistant to cracking than short, complex strings based on predictable themes.
For example, “broccoli-marine-stairway” is far stronger than “Luna-Artemis-Orion-2026!”.
The challenge is balancing stronger requirements with usability. Real-time guidance during password creation helps users meet requirements without defaulting to predictable patterns, while length-based aging incentivizes stronger passwords by extending reset intervals.
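The two points above (a complexity-compliant password such as “Armstr0ng123@” still sits on a predictable base word, and a long passphrase of themed words is weaker than one of unrelated words) can be enforced at password-change time by normalizing the candidate and comparing it to a blocklist. The following Python sketch is an added example, not Specops code; the substitution table, separator set, function names and the 15-character minimum are assumptions, and the blocklist is a subset of the table on this page.

```python
import re

# Base terms copied from the frequency table on this page (subset).
THEMED_TERMS = frozenset({
    "sol", "moon", "luna", "nasa", "eagle", "erid", "orion", "apollo", "orbit",
    "enterprise", "firefly", "artemis", "stargate", "armstrong", "picard", "atlantis",
})

# Assumed substitution table: look-alike characters mapped back to letters.
# "1" is ambiguous (l or i), so one table is built for each reading.
_COMMON = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
LEET_TABLES = [str.maketrans({**_COMMON, "1": c}) for c in ("l", "i")]

SEPARATORS = re.compile(r"[-_ .,/]+")
PADDING = re.compile(r"^[^a-z]+|[^a-z]+$")  # digits/symbols wrapped around a word


def themed_base_terms(password, terms=THEMED_TERMS, min_substring_len=5):
    """Return the blocklisted base terms a candidate password is built on."""
    lowered = password.lower()
    tokens, flats = set(), set()
    for table in LEET_TABLES:
        flats.add(lowered.translate(table))
        for raw in SEPARATORS.split(lowered):
            tokens.add(raw.translate(table))                   # "n4s4" -> "nasa"
            tokens.add(PADDING.sub("", raw).translate(table))  # "armstr0ng123@" -> "armstrong"
    hits = set()
    for term in terms:
        # Short terms must be a whole token, otherwise "erid" would flag "meridian".
        if term in tokens or (len(term) >= min_substring_len
                              and any(term in flat for flat in flats)):
            hits.add(term)
    return sorted(hits)


def check_candidate(password, min_length=15):
    """Policy decision as (accepted, reasons); min_length is an assumed policy value."""
    reasons = [f"built on blocklisted term '{t}'" for t in themed_base_terms(password)]
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample candidates, including the three quoted on this page.
    for pw in ("Armstr0ng123@", "Luna-Artemis-Orion-2026!",
               "broccoli-marine-stairway", "meridian-teapot-42"):
        print(pw, check_candidate(pw))
```

A production filter would pair this with a breached-password lookup, since a term list alone only covers the themes it names.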
3. Layer protection beyond the password
Even strong passwords are not immune to exposure. Phishing attacks, infostealer malware, and credential reuse continue to provide attackers with valid login data, regardless of password complexity. Once a credential is compromised, the strength of the password becomes largely irrelevant. This is where additional authentication controls become critical.
Multi-factor authentication (MFA) significantly reduces risk, but it is not a complete safeguard. Attack techniques such as MFA fatigue, adversary-in-the-middle phishing, and session hijacking are specifically designed to bypass identity-based controls. To reduce the likelihood of a compromised credential leading to account access, authentication needs to be reinforced at the point of login. This includes validating not just the user, but the context of the request, such as the device being used and the conditions under which access is attempted.
Solutions like Specops Secure Access strengthen this layer by adding further verification at login, helping to prevent unauthorized access even when credentials have been exposed.
If you’re interested in seeing how Specops can help secure your passwords, contact us today or book a demo to see our solutions in action.
Last updated on April 7, 2026