The holidays are about joy and togetherness – but for cybercriminals, it’s also open season. Especially if you fall into the trap of using a compromised password this December.
Intercede, a cybersecurity company with the world’s largest breached password database, says it’s time to rethink your strategy if you’re using ‘snowman’ or ‘santa’.
So, let’s dive right in. Here’s why your festive password choices could put you at risk, and how to protect yourself.
Most compromised holiday passwords
Intercede’s research shows people just love adding a festive touch to their passwords this time of the year. But unfortunately, your friendly neighbourhood hacker knows this, too.
The top 10 most compromised holiday passwords are:
- snowball
- christmas
- snowman
- snowflake
- snowball1
- christmas1
- snowman1
- Christmas (capitalized)
- Snowball (capitalized)
- Santa
Other risky seasonal choices include candycane, xmas, gingerbread, and mistletoe.
Sound familiar? If any of these are your go-to, it’s time to change them. Fast.
Password safety: Why it matters
Think your password is safe because it’s “personal” or “unique”?
Think again. Cybercriminals have access to over 11 billion breached credentials, according to Intercede’s database.
And here’s the scary part:
That’s more than one for every person on Earth.
If your password is short, predictable, or based on something seasonal, you’re making it easy for hackers.
James Westgate, Acting CTO at Intercede, warns: “By choosing these types of passwords, it can make all a cybercriminal’s Christmases come at once—and ruin yours.”
Password mistakes we all make
Still using a simple password because it’s easy to remember? You’re not alone.
Passwords haven’t changed much in a decade: on average, they are still eight characters long.
But according to updated guidelines from the National Institute of Standards and Technology (NIST), passwords should now be 15 to 64 characters long.
Yes, that’s SIXTY-FOUR CHARACTERS long.
Why so long?
- It’s harder to crack. Longer passwords increase the time it takes for hackers to break in.
- Predictability is the enemy. Simple, seasonal words make their job easy.
So, you’re ready to kick Santa123 to the curb, but where to from here?
Online passwords: How to protect yourself
Feel overwhelmed? Don’t worry.
Protecting yourself doesn’t have to be complicated.
Here are a few simple tips to keep your accounts safe:
- Make passwords long and unique: Aim for at least 15 characters.
- Avoid obvious words: Don’t use anything seasonal, personal, or easy to guess.
- Use different passwords: Never reuse passwords across accounts.
- Use two-factor authentication (2FA): Add that extra layer of security.
- Try a password manager: Tools like these create and store strong passwords so you don’t have to remember them all.
Pro Tip: Many browsers now suggest strong passwords automatically. Let them do the heavy lifting. (Still be careful with your browser habits, though. Someone with access to your PC will also have access to your saved passwords.)
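To see why capitalising a seasonal word or tacking a "1" on the end doesn't help, here is a small screening check that applies the tips above. It is an added example, not Intercede's tooling: the blocklist holds only the words named in this article, and the function names and the character-swap table are assumptions made for illustration.

```python
import re

# Words the article lists as compromised or risky. Constructed blocklist for
# this example only; it is not Intercede's breached-password database.
SEASONAL_WORDS = (
    "snowball", "christmas", "snowman", "snowflake", "santa",
    "candycane", "xmas", "gingerbread", "mistletoe",
)

MIN_LEN, MAX_LEN = 15, 64  # length range the article quotes

# Character swaps commonly used to dress up a dictionary word (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def normalise(password: str) -> str:
    """Lower-case, undo common swaps, then keep letters only."""
    swapped = password.lower().translate(LEET)
    return re.sub(r"[^a-z]", "", swapped)


def screen(password: str) -> list[str]:
    """Return the reasons a candidate password fails; empty list means pass."""
    reasons = []
    if len(password) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    elif len(password) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    core = normalise(password)
    # Substring match is deliberately strict: a seasonal word stays guessable
    # whether it is capitalised, suffixed with digits, or padded with symbols.
    for word in SEASONAL_WORDS:
        if word in core:
            reasons.append(f"contains seasonal word '{word}'")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ("snowball1", "Christmas", "$n0wfl4ke-2024-rocks!",
                      "vT9#qLm2&Zx7pRw4Jd"):
        print(f"{candidate!r}: {screen(candidate) or 'ok'}")
```

Because the match is on substrings, the check also flags unrelated words that happen to contain a listed one; a real deployment would compare against a full breached-password list rather than nine words.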
It happened. Now what?
There’s no shame in having a password fiasco. It’s happened to everyone from Taylor Swift to Twitter creator Jack Dorsey, who was hacked back in 2019. He had 4.2 million followers at the time.
The first bit of advice I can give (as someone who has been down this path myself) is do not, under any circumstances, panic.
Once you have your nerves under control, keep calm and check your settings. And then regain access to your account and change your password immediately.
The easiest way is to reset the password (click that ‘forgot password’ thingy) and log out all other sessions and devices.
While doing this, also make sure your login email wasn’t changed.
True story…
While not a festive mishap, I did (a few years ago) have a very basic password for my Sony account. When hackers took control of my PSN (PlayStation Network) account, they changed the log-in mail too…
Thankfully I saw the email notification for a password change as it came in – before they could change the log-in mail and effectively sign me out of my account AND any other alerts.
I had to reach out to Sony and prove the account belonged to me. Good thing, too, because I had a local credit card and international payment facility linked to my PSN account.
Pro-tip: Purchase something from whichever service you’re logged into, if you can. Even if it’s a free game, in the case of a PlayStation or Xbox account. You’ll get an invoice sent to you, and can later use that as proof that said account belongs to you.
Lesson learned. I switched to a password manager, and now my passwords are a mix of random words, numbers, and symbols. I don’t even know them offhand—but they’re safe.
Don’t get careless with your digital life
Remember: Your passwords are the key to your digital life. Don’t let festive cheer make you careless. A few small changes can keep your holiday shopping—and your personal information—secure.
As Westgate says:
“By taking simple steps, you’ll protect yourself and the businesses you buy from.”