The holidays most likely to be found in your passwords [new data]

STOCKHOLM – Holidays are often a joyous time of year and new data seems to indicate people like to celebrate with their passwords. Today, Specops Software released an update to the Breached Password Protection list and a recent analysis of holiday-related compromised passwords.

“With the winter holidays right around the corner, we asked our research team to dig into which holidays are most popular,” said Darren James, Product Specialist with Specops Software. “We analyzed over 800 million breached passwords to find out.”

Top 10 most common holiday themes found in passwords

  1. New Year’s
  2. Christmas
  3. Diwali
  4. Thanksgiving
  5. Easter
  6. Valentine’s Day
  7. Halloween
  8. Ramadan
  9. Mardi Gras
  10. Saint Patrick’s Day

The 800 million leaked passwords analyzed for these findings are a subset of the more than 4 billion compromised passwords found in Specops Breached Password Protection. The analysis looked at any password that contained the holiday name (or related word, i.e. “turkey” for Thanksgiving) within a password.

“The reason people choose holiday-related terms when creating their passwords is because they struggle to make a password that is both secure and memorable,” James said. “This results in weak passwords that follow predictable patterns and are reused between different services. These passwords are easy to guess and commonly appear in lists of breached passwords.”

Specops carried out a survey in April 2020, asking 1,353 respondents about password reuse:

  • 45% of respondents did not consider password reuse to be serious
  • 52% of respondents share their streaming site passwords
  • 31% of respondents use the same password for streaming sites as they do for other “more sensitive” accounts, such as online banking
  • 21% don’t know whether those who they share their passwords with share with other people

“This data, while fun, will come as no surprise to the IT admins we talk to. They’re often aware that the passwords their employees are using are common or weak, but it can be hard to measure it,” continued James. “If you’re looking to quantify the weak or leaked password problem in your environment, I’d recommend running a scan with our free Password Auditor.”

The compromised password problem can be an expensive one. IBM recently reported the global average cost of a data breach in 2020 to be $3.86 million. 

Find out how many breached passwords are in use in your environment by running a free read-only scan of your Active Directory with Specops Password Auditor. Today’s update marks the addition of 29 million passwords to the Breached Password Protection list used in the scan.

Specops Breached Password Protection works together with Specops Password Policy so that companies can block all passwords found on the list of over 4 billion compromised passwords, making it easy to comply with industry regulations, such as NIST or Cyber Essentials. The service blocks people from choosing banned passwords and informs the user as to why they cannot use the password.

About Specops Software

Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.

Media Contact

(Last updated on October 26, 2023)

Back to Blog