Metallica, Blink-182, and other passwords you shouldn’t use

Your favorite athlete, car, or band is better as a tattoo than a password (probably).

Illustration: Dianna “Mick” McDougall, Photo: Getty Images

Exactly 9,429 people are into Metallica—at least as a password, according to a list compiled for IT Brew by the password manager NordPass.

NordPass’s data pull revealed some of 2023’s most commonly used passwords in the categories of online games, movies, cars, sports, and music. The pop-culture PWs, which included over 30,000 unique instances of “minecraft,” over 8,000 instances of “mercedes,” and, somehow, over 11,000 cases of “mamamia78,” demonstrate that malicious hackers have some easy first guesses if they know a target’s particular interest.

“People think that, ‘I don’t have anything precious online, in my digital world’…But that’s not true. You have your identity, which is very, very important,” said Tomas Smalakys, CTO of Nord Security.

Phishing and stolen or compromised credentials led the list of attack vectors in IBM’s 2023 “Cost of a Data Breach” report.

The average price of a compromise initiated by stolen credentials, according to IBM’s analysis of breaches from March 2022 to March 2023, was $4.62 million.

Damian Archer, VP of Americas at the cybersecurity provider Trustwave, says common passwords help cyberattackers as they target executives and gather their digital information scattered online. A CEO who’s a Chicago Bulls fan, for example, might use “jordan23,” Archer told IT Brew.

“As you start to build up that portfolio of information about an individual, you almost become their digital friend. You know them. You know how they work. You know what they’re into. Once you understand that about a person, you can start to use your social cues and some of that information to build out: What would this person’s password most likely be?” Archer said.

In NordPass’s database investigation, the password “jordan23” was found in 7,087 unique instances.

NordPass, with the help of third-party researchers, inspected a giant database of compromised passwords extracted from various publicly available sources—many found on the dark web. In November, NordPass pulled a “top 200”—a mix of “passwords” and “123s” but a list that lacked star power.

Other standout numbers from the company’s list pulled for IT Brew:

  • Online games: “minecraft” (30,231 unique accounts); “fortnite” (14,699)
  • Movies: “mamamia78” (11,091); “Sherlock#1” (6,836); “starwars” (6,831)
  • Music: “metallica” (9,429); “blink182” (6,860); “prince” (6,643); “slipknot” (6,091)
  • Cars: “mercedes” (8,343); “alfaromeo” (6,657); “mustang” (4,569)
  • Sports: “jordan23” (7,087); “realmadrid” (7,012); “liverpool” (6,883)

The “alarming” quantity of easy-to-guess passwords, said Smalakys, increases the appeal of authentication alternatives, like the digital credential known as the passkey, for end-users who can’t part with their metallica.

“Educate, but also give them alternative technology to try to use, which is more convenient, which is easy, and which is even more secure than passwords,” Smalakys told IT Brew.

Why so many passwords, though, from a more millennial era when Michael Jordan was winning championships and Prince was partying like it was 1999? In other words: Where’s “taylorswift” (or TaylorSwift1989)?

No idea, according to Smalakys, who said he can’t explain the habits; he can only share what’s in the database.

“We know that Metallica is very popular. Linkin Park is very popular. ‘Taylorswift’ might be popular, but it’s not in the database,” said Smalakys.

“Maybe she will appear in the next year’s top 100,” he added.
