Long Live the Secure Password! Royal themes discovered within compromised password lists

With King Charles III’s coronation this weekend we’ve analyzed our Breached Password Protection list and discovered a royal connection.

[Image: Union Jack and Royal Flags]

Around 350 million people are expected to watch the historic coronation in the UK on May 6th, so we checked whether the royal craze extends into end users' credentials. We analyzed over 800 million compromised passwords, a subset of our larger Breached Password Protection database of over 4 billion known compromised passwords, and counted how many of them contain each of a set of common royal terms.

The top royal themed terms

1. king
2. prince
3. princess
4. queen
5. heir
6. crown
7. regal
8. tiara
9. palace
10. imperial
11. throne
12. sovereign
13. regalia
14. scepter
15. coronation

The count is a plain term match with no insight into the context of the term used (so 'king' would also count a password built on 'viking' or 'parking'), but even so 'king' tops the list, appearing within users' compromised passwords over 1 million times.

'queen' came fourth with over 200k instances, followed by a variety of royally relevant terms with quickly diminishing counts; the topical term 'coronation' appears in 15th place.
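To make the methodology behind the ranking concrete, here is an added example (not Specops' own analysis code) that counts, for each royal term, how many passwords in a list contain it and ranks the terms by that count. The password sample is constructed for illustration and is not data from the Breached Password Protection list. It also shows a stricter "standalone" match that refuses to count a term when it is embedded in another word, which is why 'viking' and 'parking' inflate the plain-substring count for 'king', and why every 'princess' password also counts for 'prince' and every 'regalia' password for 'regal'.

```python
"""Added example (not Specops' analysis code): rank royal-themed terms by how
many passwords in a breached list contain them, as the table above does.
The password sample is constructed for illustration."""
import re
from collections import Counter
from typing import Iterable, List

ROYAL_TERMS = [
    "king", "prince", "princess", "queen", "heir", "crown", "regal", "tiara",
    "palace", "imperial", "throne", "sovereign", "regalia", "scepter", "coronation",
]

# Constructed sample. A real run would stream the list line by line.
SAMPLE_PASSWORDS = [
    "King2023!",       # term standing on its own
    "viking99",        # 'king' embedded in another word
    "parking1",        # 'king' embedded in another word
    "Princess<3",      # counts for 'princess' and, as a substring, for 'prince'
    "queenbee",        # 'queen' glued to another word
    "prince_harry",
    "Crown&Anchor",
    "Regalia!",        # counts for 'regalia' and, as a substring, for 'regal'
    "coronation2023",
    "Password1",
    "summer2022",
]


def term_pattern(term: str, strict: bool) -> re.Pattern:
    """Case-insensitive matcher for one term.

    strict=False: plain substring match (what the ranking above implies).
    strict=True:  the term may not touch another letter on either side, so
                  'king2023' still matches but 'viking' and 'kingdom' do not.
    Digits and symbols are allowed next to the term either way, because
    'King2023!' is exactly the kind of password such lists are full of.
    """
    core = re.escape(term)
    if strict:
        return re.compile(rf"(?<![a-z]){core}(?![a-z])", re.IGNORECASE)
    return re.compile(core, re.IGNORECASE)


def count_terms(passwords: Iterable[str], terms: List[str] = ROYAL_TERMS,
                strict: bool = False) -> Counter:
    """Number of passwords containing each term (a password counts once per term)."""
    patterns = {t: term_pattern(t, strict) for t in terms}
    counts = Counter({t: 0 for t in terms})
    for pw in passwords:
        for term, pat in patterns.items():
            if pat.search(pw):
                counts[term] += 1
    return counts


def ranked(counts: Counter) -> List[str]:
    """Terms by count, highest first (alphabetical on ties), dropping zero counts."""
    return [t for t, c in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])) if c > 0]


if __name__ == "__main__":
    loose = count_terms(SAMPLE_PASSWORDS)
    strict = count_terms(SAMPLE_PASSWORDS, strict=True)
    for i, term in enumerate(ranked(loose), 1):
        print(f"{i:2d}. {term:<11} substring={loose[term]}  standalone={strict[term]}")
```

On the constructed sample the substring count gives 'king' three hits but the standalone count only one, and 'regal' and 'queen' drop to zero under the strict rule; when reading a ranking like the one above, it is worth knowing which of the two rules produced it.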

Darren James, Senior Product Manager at Specops Software commented, “As we can see from the results ‘king’ is a very popular term within passwords. The use of common terms as a basis for a password really stands out as a common mistake when it comes to password choices. They might make your passwords easy to remember, but also very easy for someone to guess. If you are responsible for what the password policy should be for your organization, make sure your policy can block the use of commonly used terms and implement MFA wherever you can.”

Long live the secure password!

It’s crucial that password security remains a priority for individuals and organizations alike, as the consequences of a compromised password can be severe and long-lasting.

Time and time again, the same pattern emerges when we analyze our breached password list: users are still choosing weak passwords and, to make matters worse, often reuse them across multiple systems.

To follow secure password practices, aim for length rather than complexity: every extra character multiplies the number of guesses an attacker has to make, so a longer password takes longer to crack. Avoid basing it on common words or phrases, though, since those are the guesses an attacker tries first. See the NCSC's guidelines for the logic behind three random words.

Additionally, passwords should be unique to each system or account, and as an extra layer of security, Multi-Factor Authentication (MFA) should be used wherever possible to provide added protection against password-based attacks.

It's important to acknowledge, though, that it's time to stop solely blaming users for weak password choices and to take responsibility for enforcing a secure password policy in the first place.

By taking the onus away from the user and implementing strong and enforceable password policies, organizations can significantly reduce the risk of password-based attacks and improve overall security.

Compromised password detection and prevention

If you want to identify how many compromised passwords are in use in your Active Directory, Specops Password Auditor is a free password vulnerability audit tool that will analyze password vulnerabilities in a matter of minutes.

To prevent weak passwords from reoccurring and block the use of over 4 billion weak and compromised passwords from the outset, consider requesting a trial of Specops Password Policy. Long live the secure password!

(Last updated on May 5, 2023)
