In conjunction with the kickoff of the college football season,Specops researchers analyzed more than 800 million compromised passwords to determine the popularity of Division 1Football Bowl Subdivisionprograms and their team mascots and nicknames appearing on breached passwords lists.  


In total, researchers looked at passwords related to top football-playing universities, finding that Georgia Tech, the University of Kansas and the University of Florida each appear more than 5 million times on breached password lists, while San Jose State University, New Mexico State University and the University of Nevada Las Vegas appear the least.  


Top 25 DI College Football Teams Found on Breached Password Lists

1.  Georgia Tech (GT) 

2.  University of Kansas (KU) 

3.  University of Florida (UF) 

4.  Virginia Tech University (VT) 

5.  Arizona State University (ASU) 

6.  University of Georgia (UGA) 

7.  Old Dominion University (ODU) 

8.  East Carolina University (ECU) 

9. University of North Carolina (UNC) 

10.  University of Southern California (USC) 

11.  Southern Methodist University (SMU) 

12.  University of Alabama - Birmingham (UAB) 

13.  Louisiana State University (LSU) 

14.  Florida Atlantic University (FAU) 

15.  Brigham Young University (BYU) 

16.  University of South Florida (USF) 

17.  Penn State University (PSU) 

18.  Texas Christian University (TCU) 

19.  Florida State University (FSU) 

20.  Florida International University (FIU) 

21.  Texas A&M University (TAMU) 

22.  University of Texas-San Antonio (UTSA) 

23.  University of Central Florida (UCF) 

24.  University of Texas - El Paso (UTEP) 

25.  University of California Los Angeles (UCLA) 


Top 10 Nicknames/Mascots  

  1. Utah Utes 

  2. Florida Gators 
  3. New Mexico Lobos 
  4. Florida State Seminoles 
  5. Akron Zips 
  6. UCLA Bruins 
  7. Oklahoma State Pokes 
  8. Oklahoma Sooners 
  9. Texas Longhorns 
  10. Wisconsin Badgers 

In total, college football team names and mascots appear more than 77 million times on breached password lists.

In today’s cybersecurity threat landscape, any use of a college football team name or mascot must be part of a much larger and complex password if they are to be used at all.