Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches

Using data from haveibeenpwned.com, Mozilla found that hundreds of thousands of people continue to use their favorite superheroes for passwords.
Written by Jonathan Greig, Contributor

According to a new blog post from Mozilla, superhero-based passwords are increasingly showing up in datasets of breached information.

Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets. 

Superman showed up in 368,397 breaches, Batman was featured in 226,327 breaches, and Spider-Man was found in 160,030 breaches. Wolverine and Ironman were also seen in thousands of breaches. 

"A password is like a key to your house. In the online world, your password keeps your house of personal information safe, so it's important to make sure it's strong," a Mozilla spokesperson said.  


The blog is a follow-up to another Mozilla report about the popularity of passwords related to Disney princesses, particularly for users of the Disney+ streaming service. 

Due to the prevalence of breached account details on the dark web, a number of companies are beginning to turn to passwordless systems. 

Last month Microsoft extended its passwordless sign-in option from enterprise customers that use Azure Active Directory (AAD) to consumer Microsoft accounts on Windows 10 and Windows 11 PCs. 

Vasu Jakkal, Microsoft corporate vice president of the Microsoft Security, Compliance, Identity and Management division, said that nearly 100% of the company's employees are passwordless. 

"We use Windows Hello and biometrics. Microsoft already has 200 million passwordless customers across consumer and enterprise," Jakkal said.

"We are going completely passwordless for Microsoft accounts. So you don't need a password at all."

Some services are also turning to two-factor or multi-factor authentication as a way to avoid the use of passwords. 

Editorial standards