As the Premier League Returns, Football Fans Must Assess the Strength of Their Passwords
Last week, the UK's National Cyber Security Centre (NCSC), the cybersecurity branch of the Government Communications Headquarters (GCHQ), urged football (or soccer) fans to review their passwords and think about the security of their accounts. But why did the agency address the supporters of the beautiful game of all people?
Well, it obviously has to do with the restart of the English Premier League (EPL) – one of the most popular sporting competitions not only in the UK but all over the world. Millions of people watch the games every week, both live and on screen, and they pay good money to do it. As you can imagine, the coronavirus outbreak meant an unexpected and unwelcome break for both supporters and football clubs, but as the UK slowly eases its lockdown restrictions, the matches are restarting. Fans are understandably excited, but what has that got to do with their passwords?
Behind-closed-doors games mean an increased use of online services
The government has given the green light for the restart of the competition, but it's still not prepared to allow fans inside the stadiums. The pubs and bars are also closed, which means that supporters have no other choice but to watch the games from the comfort of their own homes. For most, this means logging into the streaming service of their choice or enabling a subscription from an online platform. This is what has the NCSC so worried.
Football fans are not very good at creating passwords
Football fans are usually very vocal about which team they support, both online and offline. On the football ground, you'll see them wearing scarves and shirts, and you'll most definitely hear their chants. When they get home, many of them will be compelled to share some of the pictures from the stadium on social media, engage in heated online discussions, and use their favorite team's name in their alias. They often use team names as their passwords as well, and they rarely think about the consequences.
Lists of commonly used passwords are compiled fairly often, and some of the entries near the top are always names of sporting teams. The Premier League's popularity means that clubs like Chelsea, Liverpool, and Manchester United are often featured in these lists, and the NCSC is trying to tell everybody what this could lead to.
Hackers need only a few minutes to scroll through your social media timeline and figure out which club you support, and if you use the team's name as your password, you could be in serious trouble. What's more, the practice is so common that people who do it are also susceptible to brute-force attacks.
The consequences could be quite scary
Hackers know that football supporters are likely to have accounts on platforms that stream sporting events, and they'll probably try to compromise these accounts first. Once inside, they can not only watch the games for free, but they can also pay for additional content with the credit cards saved inside the compromised profile. Having established the correct username and password pair, the hackers can also mount a credential stuffing attack, trying the same pair on other services. If the same password protects the victim's email inbox, they could be in with a chance of resetting the passwords of multiple other accounts.
It's not difficult to see why football fans use the names of their favorite teams as their passwords. Football is something very close to their hearts, and they are certainly unlikely to forget which team they support. Some even reckon that by using the team's name as their password, they are showing their love for the club.
It shouldn't be too difficult to see why this is such a bad idea as well, though. Football's popularity continues to grow, and so does the number of people who use soccer teams' names as their passwords. In this day and age, determining which club you support is very easy, and as you can see, it could be equivalent to determining what your password is. This, you have to agree, is not supposed to happen.