Which Footy-Themed Passwords Have Been Hacked The Most?

Whether you’re looking to find a romantic partner or book a holiday, almost everything can now be done through the swipe of a screen or a click of a button. Brits love the convenience of digital-first culture, but this comes with more online accounts to manage than ever – and countless usernames and passwords to remember. We’re all familiar with that frustrating feeling of getting locked out, or worse, getting a notification to say that someone has been trying to access your account.

It’s not surprising that 65% of people reuse the same password for multiple accounts – and 68% of those who do so are afraid of forgetting them. Even in the world of work, employees reuse passwords an average of 13 times, which poses a significant cybersecurity risk.

Alongside reusing passwords, creating passwords that are too common or easy to guess can also make you vulnerable to data breaches – but how many people still do it?

Football’s security score

As World Cup fever hits the nation once again, we wondered how many football fans used their favourite player’s name as their password – and how many times they’d been breached through data leaks.

To find the most commonly breached footballer password names, we created a list of the top 50 England football players of all time, including Gareth Southgate’s current England football team and the top 100 rated players from teams across the globe in the 2022 World Cup.

Each name was then fed through haveibeenpwned.com to see how many times the password had been exposed in a public data breach.

The most common footy-inspired surnames in passwords:

1 - Sterling - 90,776 passwords exposed

2 - Walker - 65,856 passwords exposed

3 - Beckham - 53,696 passwords exposed

4 - Rooney - 48,376 passwords exposed

5 - Gerrard - 34,713 passwords exposed

6 - Lampard - 34,482 passwords exposed

7 - Stones - 25,640 passwords exposed

8 - Keegan - 22,641 passwords exposed

9 - Ferdinand - 21,527 passwords exposed

10 - Maddison - 20,073 passwords exposed

The most common footy-inspired full names in passwords:

1 - Wayne Rooney - 3,208 passwords exposed

2 - David Beckham - 3,114 passwords exposed

3 - John Terry - 2,680 passwords exposed

4 - Frank Lampard - 2,361 passwords exposed

5 - Steven Gerrard - 2,314 passwords exposed

6 - Michael Owen - 1,206 passwords exposed

7 - Alan Shearer - 713 passwords exposed

8 - Bobby Moore - 589 passwords exposed

9 - Ian Wright - 571 passwords exposed

10 - Paul Scholes - 470 passwords exposed

Which passwords should I avoid using?

Newcastle defender Kieran Trippier, who was England's free kick hero in the 2018 World Cup, was the least exposed phrase, and the safest password to use. There were no breaches of ‘Kieran Trippier’ and only eight of ‘Trippier’ overall.

Based on surnames, ‘Raheem Sterling’ fans were the second most likely to fall victim to a data breach, with ‘Sterling’ appearing 90,776 times.

As England’s youngest ever goalscorer, having made his full England debut at the age of 17, , the full phrase ‘Wayne Rooney’ was exposed 3,208 times, which was the highest figure for a full name in the list. ‘David Beckham’, however, was the second most exposed password and was breached 3,114 times – so fans of the face of the World Cup should think twice before using the memorable phrase, or change any legacy passwords that might feature his name.

Marcus Rashford rose to the front of the public’s minds during the Covid-19 pandemic for his charity efforts, but passwords using his full name or surname were only exposed a total of 82 times.

This was followed by Phil Foden. Despite being famous for his bleached haircut at the Euros last summer, no passwords using his full name were breached – and only 72 that featured ‘Foden’ were exposed.

Paul Gascoigne, or ‘Gazza’, who’s ‘90s hairstyle inspired Foden’s cut, featured just before Rashford and passwords using his full name and surname were exposed 96 times in total.

How can I manage my passwords better?

It’s important to get into the habit of creating strong, unique passwords both for your personal accounts, as well as any profiles you create at work. Microsoft suggests a length of at least eight characters, to offer defence against an attack while still being short enough to remember.

According to the government’s Cyber Security Breaches Survey 2022, 39% of UK businesses identified a cyberattack that year – and 83% of these attacks were through phishing, which is a common way for hackers to gain password credentials. With many companies now offering hybrid working as standard policy, the survey also identified the risk of businesses not being able to substantially monitor or manage security threats from remote environments, making it even more crucial to instil good password and security practices amongst a workforce.

Staff often rely on weak easy-to-remember passwords because they have to log into multiple applications at work every day.

However, sign-on field service software means they only have to remember one, so it can be more complex and changed regularly.

Jonathan Rogerson, Commercial Solution Consultant at ECI Software Solutions said, “We’re all familiar with the frustrating process of forgetting passwords, resetting and then, unfortunately, forgetting them again. At work, this is particularly true for platforms which you may only use sporadically.

“We’d encourage business owners to simplify their technology as much as possible. Look for field service software which can do numerous tasks from one platform, to minimise the number of passwords people need to use.

“Investing in training to raise awareness of common security threats, and creating a culture where people aren’t scared to speak up if they notice anything unusual, can also help to keep your business safe.”

Methodology

ECI Software Solutions analysed over 100 popular footballers, including the current England squad, using haveibeenpwned.com to see how many times the password had been exposed in a public data breach.

The full name of the footballer and surname was included in the research. Data accurate as of November 2022.