“Love” conquers most in passwords

Stockholm – Specops Software announced today the latest updates to Specops Breached Password Protection, a solution to continuously check if an account in Active Directory is using a leaked password. Analysis reveals the most common words used in password combinations are related to love.

Specops Breached Password Protection has been updated to include more than 4 billion passwords, available as a secure list in the cloud or stored locally in the customer’s environment. In-depth analysis of 120 million passwords revealed the following findings for password combinations:

  • “Love” was the most common word
  • The second most common word was “evil”
  • There are twice as many instances of the word “freak” compared to “saint”.

More non-English leaked passwords were also added in this update. Some of the most common passwords in other languages were also related to love: “woaini” (I love you in Chinese), “älskling” (sweetheart in Swedish) or “kochanie” (loved one in Polish).

“One of the strengths of our password list is that it includes more than just English-language passwords,” said Lori Osterholm, CTO at Specops Software. “Some of the most popular leaked passwords lists don’t support foreign-language words, like the Swedish word “älskling”, and organizations relying on such lists may be, unknowingly, increasing their risk factor.” 

Specops Breached Password Protection works together with Specops Password Policy so that companies and organizations can block all passwords found on the password deny list, making it easy to comply with industry regulations, like NIST or Cyber Essentials. The service blocks people from choosing banned passwords and informs as to why they cannot use the password.

“Widespread password-spraying and credential-stuffing attacks appear in the news every week,” Osterholm said. “If an IT admin wants to prevent hackers from gaining access to their environments through these attacks, a password deny list is a must. With today’s update, Specops continues to show why it’s a market leader for Active Directory. We are focused on making our password list a continuously-updated source of leaked passwords for people everywhere.”

Learn more about how Specops Breached Password Protection can help continuously protect Active Directory environments from leaked passwords.  

About Specops Software
Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.

Media Contact

(Last updated on October 30, 2023)


Back to Blog

Related Articles

  • Checking for Pwned Passwords in Active Directory

    If you are trying to fulfill a regulation requirement like that of NIST, you might find yourself tasked with attempting to set up your Active Directory environment to check for leaked passwords against an external password deny list. For many, Have I Been Pwned (HIBP) is the list they want to check against. HIBP is…

    Read More
  • Password dictionary overview and best practice

    As long as users continue using common/predictable passwords, dictionary attacks will continue to work. Hackers are not the only ones who can take advantage of password predictability. The best protection against a dictionary attack is using a dictionary during the password creation process. This means checking future passwords against such dictionaries, and preventing users from…

    Read More
  • NIST password standards and requirements

    The National Institute of Standards and Technology (NIST) sets the information security standards for federal agencies. Through its Special Publication (SP) 800-series, NIST helps organizations meet regulatory compliance requirements such as HIPAA, and SOX. The recent update to the NIST password standards (SP) 800-63-3 flips the script on widely accepted password policies, challenging its effectiveness…

    Read More