School start reminds everyone to stop reusing passwords

Paper, pen, and school itself are the most common school-related words found among breached passwords, according to our latest research. To celebrate the end of summer and the start of another school year, Specops’ researchers analyzed more than 800 million breached passwords to determine the number of times school-related terms can be found on password lists. This analysis coincides with the latest addition of over 13 million compromised passwords to the Specops Breached Password Protection service.

The results are a reminder to take stock of IT security protections in the wake of a rising number of cyber incidents at schools. Both K-12 and higher ed have been targeted in high-profile ransomware attacks, including North Carolina A&T State University, University of California, San Francisco, and Baltimore County schools.

Hackers are opportunistic and known to take advantage of recurring passwords, such as the words discovered in this research. Earlier this year, we published a Weak Password Report that looked at common patterns and themes found in compromised passwords and highlighted the security holes created by password reuse.

For the school start research, we categorized the words according to general school terms, school supplies, roles, and subjects. The top five words in each category are listed below:


General school terms

  1. Gym
  2. Class
  3. School
  4. Student
  5. College

School supplies

  1. Pen
  2. Paper
  3. Printer
  4. Glue
  5. Bottle


Roles

  1. Aide
  2. Coach
  3. Teacher
  4. Professor
  5. Assistant


Subjects

  1. Math
  2. English
  3. Science
  4. History
  5. Physics

Secure password management needs to remain a cyber security priority

Even as passwordless solutions emerge in the market, passwords remain the primary authentication method – serving as the backup for when those solutions fail. Whether organizations are looking to comply with industry guidelines or just secure their Active Directory passwords, a compromised password check is a no-brainer.

The recent ransomware attack on Lincoln College had such severe financial consequences that the school has closed for good. A single breached password is the starting point for many ransomware attacks, where attackers use one account to gain access to other higher-privilege accounts or resources where malware can be deployed. This was the case in the ransomware attack on the US Colonial Pipeline. A known breached Active Directory password was used to authenticate a VPN connection through which attackers deployed their malware, ultimately stealing 100 gigabytes of data and collecting a ransom payment of $4.4 million.

Social engineering and AI-driven “spray and pray” attacks are escalating the frequency and sophistication of attempted credential theft, making it easier than ever for an attacker to obtain passwords for nefarious reasons. To reduce risk, all companies, regardless of size or industry, should block weak passwords, create compliant password policies, and employ passphrases.

Contact us today for more information about how Specops can help mitigate your organization’s password-driven risks in Active Directory. In the meantime, let’s get ready for the new season by avoiding passwords that are easy to guess or readily found on a breached password list.

(Last updated on September 20, 2022)
