As every year draws to a close, it is normal to take stock of what has been: we do it in our personal lives and we do it professionally, as individuals or as companies. It’s the period in which rankings of all kinds flood the web; as operators in the ICT field who work so hard on security, we bring you a ranking on that very subject: the most hacked passwords of 2017. One remark is unfortunately a must before you read on: we are in 2017 (in 2017!!) and yet we inexorably run into the same trivial mistakes that may have cost us dearly in the past, in spite of recommendations that are by now well known and endlessly repeated.

The ranking was compiled by SplashData by analyzing databases of data stolen by hackers during 2017. The analysis clearly shows a lack of imagination on the part of users, who, to spare themselves the effort of remembering a particular password, rely on words or series of numbers that are very easy to discover. Stable in first place, a real tough nut to crack, is the number sequence “123456”… probably easier to remember than one’s date of birth (which is not a much more secure alternative anyway). Second place makes us smile: it is occupied by the word “password”… are users taking the prompt “type password” too literally?!?! Third place is a sort of remake of the first: it’s probably the password users choose when the first one has expired and they have to change it 😉, and the result is “12345678”.

If the first three places are a hymn to banality, one would hope that further down the ranking the words become more and more difficult… and instead we find simple words such as “qwerty”, “welcome”, “football”, “iloveyou”, “starwars”. The ranking must therefore serve as a warning, namely “do not use these passwords at all!!!”, to avoid having your accounts violated. On the contrary (and here we must repeat ourselves for the umpteenth time), give free rein to your imagination and opt for passwords that do not contain only numbers or only letters but are a mix of upper and lower case letters, numbers and special characters (.,%&$§). Having created one complex password, the tendency will then be to use it for all accounts… mistake!!! Vary your password often over time and across the various accounts you want to protect. Good memory exercise!
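The advice above, written as a check that could run when a password is chosen. This is an added example, not part of the original article; the function name, the `in_use_elsewhere` parameter and the sample passwords are assumptions made for illustration.

```python
# Passwords the article names from the 2017 ranking.
RANKED_2017 = {"123456", "password", "12345678", "qwerty",
               "welcome", "football", "iloveyou", "starwars"}


def check_password(candidate, in_use_elsewhere=()):
    """Return the reasons to reject `candidate` (an empty list means accepted).

    `in_use_elsewhere` is a hypothetical parameter: the passwords the same
    person already uses on other accounts, e.g. as known to a password manager.
    """
    problems = []
    # Compare case-insensitively so "Password" or "QWERTY" do not slip past.
    if candidate.lower() in RANKED_2017:
        problems.append("appears in the 2017 ranking")
    # The article asks for a mix of all four character classes.
    classes = {
        "lower-case letter": any(c.islower() for c in candidate),
        "upper-case letter": any(c.isupper() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        # Anything that is neither letter, digit nor whitespace counts as
        # special, which also covers non-ASCII symbols such as "§".
        "special character": any(
            not c.isalnum() and not c.isspace() for c in candidate),
    }
    for name, present in classes.items():
        if not present:
            problems.append("missing " + name)
    # Reusing one password across accounts is the mistake the article warns of.
    if candidate in in_use_elsewhere:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    # Constructed sample input: ranked passwords, a case variant, a mixed one.
    other_accounts = ["Tr4m%Nebbia§"]
    for pw in ["123456", "StarWars", "Tr4m%Nebbia§", "Lago&Sole7"]:
        reasons = check_password(pw, other_accounts)
        print(pw, "->", "accepted" if not reasons else "; ".join(reasons))
```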

Sara Avanzi