Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla.
Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets.
Superman showed up in 368,397 breaches, Batman was featured in 226,327 breaches and Spider-Man was found in 160,030 breaches. Wolverine and Ironman were also seen in thousands of breaches.
“A password is like a key to your house. In the online world, your password keeps your house of personal information safe, so it’s important to make sure it’s strong,” a Mozilla spokesperson said.
The blog is a follow-up to another Mozilla report about the popularity of passwords related to Disney princesses, particularly for users of the Disney+ streaming service.
Due to the prevalence of breached account details on the dark web, a number of companies are beginning to turn to password-less systems.
Last month Microsoft extended its passwordless sign-in option from enterprise customers that use Azure Active Directory (AAD) to consumer Microsoft accounts on Windows 10 and Windows 11 PCs.
Vasu Jakkal, Microsoft corporate vice president of the Microsoft Security, Compliance, Identity and Management division, said that nearly 100% of the company’s employees are passwordless.
“We use Windows Hello and biometrics. Microsoft already has 200 million passwordless customers across consumer and enterprise,” Jakkal said.
“We are going completely passwordless for Microsoft accounts. So you don’t need a password at all.”
A some services are also turning to two-factor or multi-factor authentication as a way to avoid the use of passwords.