In 2023, “admin” was the most used password by Italians. This was revealed by the fifth annual NordPass study. In addition to analyzing the 200 most used passwords in the world, making comparisons between 35 different countries, the annual study also revealed which are the most common passwords depending on the service taken into consideration, as well as evaluating the actual uniqueness of these passwords access.
The passwords most loved by Italians in 2023 — the usual suspects and global trends
Among the 20 most used passwords in Italy, listed below, we find some “well-known faces” and also some new entries. The complete list with all the most common passwords in the world, divided between 35 countries and 8 types of platforms can be found here:
admin
123456
password
Password
12345678
123456789
password99
qwerty
UNKNOWN
12345
ciaociao
francesco
1234567890
Windows1
Windows10
riccardo
corrado
francesca
andrea
juventus
Specifying that passwords vary greatly in each country, including Italy, trends can still be traced at a global level:
The study concludes that people use weaker passwords for their video streaming accounts. Instead, the more solid ones are used on financial-themed accounts. Instead of working to improve the way they create and manage their passwords, users around the world have opted in another direction, preferring preset passwords. The most popular password in Italy is “admin”, probably set by default, which many users do not proceed with changing. People often only use numbers in their passwords. This year, the most used password internationally was “123456”, ranked second in Italy. On this point, almost a third (31%) of the most common passwords in the world are made up of numerical sequences similar to this one. Football is a great source of inspiration for the creation of passwords for many users: teams and players are in fact very often present in the login credentials. In Italy, this year, we can mention “juventus.” In Portugal, however, “benfica” and “Oliveira11” are among the most common. The “winner” of last year’s global study, “password,” is still there. In Italy, both “password” and “Password” entered the annual top 5. Up to 70% of the passwords on this year’s global list can be cracked in less than a second.
The study also revealed what type of passwords are used by users on different platforms and whether there is variation in their strength from one case to another.
The weaker ones are used to protect streaming platform accounts. According to Tomas Smalakys, chief technology officer (CTO) of NordPass, this could be due to multiple users sharing the same profile, opting for passwords that are easy to remember, faster and more practical.
We’re not surprised to find that people pay more attention to accounts associated directly with money. From this perspective, it is interesting to underline how the strongest passwords are used specifically for financial services.
Hackers are targeting passwords saved on browsers
To find out which passwords were most used by users across different platforms, researchers analyzed a database of 6.6 TB of passwords. These credentials were violated by various stealer-type malware, considered by experts to be a very serious threat to the cybersecurity of the general public.
Malware attacks are particularly dangerous because these viruses are capable of stealing a lot of information from their victims. For example, they can steal data saved in the browser, such as passwords and other credentials, cookies used on online sites, pre-populated data… In addition to all this, they can also steal files from the affected computer, as well as details such as Operating System version and address IP.
The future of passwords
In the five years that NordPass conducted this research, “123456” was the most used password on 4 occasions. According to Smalakys, it’s a clear sign that changes are needed when it comes to authentication.
Passkeys are a new tool to deal with this issue. The essence of this technology is that the user does not have to create a password, as the entire procedure is managed automatically. When you sign up to a website that uses passkeys, the user’s device generates a pair of keys linked together, one public and one private. The latter is saved on the device, while the public one is stored within the site server. Individually, these two keys are useless. If the user is correctly identified via biometric factors, the passkeys are associated with each other and access is performed.
Tips for effective management of login credentials
While passkeys are making their way into the mainstream, digital hygiene when it comes to passwords and cybersecurity remains of great importance.
Create long and complex passwords. “123456 is no longer acceptable” reiterated Smalakys. Using easy-to-guess passwords is like leaving your front door open. This is why it is advisable to use random passwords of at least 20 characters, which contain uppercase and lowercase letters, symbols and numbers. Avoid storing them on your browser by opting for a password manager. Given the frequency of stealer attacks targeting browser credentials, third-party password management software is considered a more secure option for storing credentials. Adopt passkeys. An ever-increasing number of sites offer the ability to access your account with passkeys instead of passwords. While it is true that passkeys have not yet completely replaced passwords, they undoubtedly represent the future in the world of authentication. Maximum attention. To protect yourself from stealers, you need to pay attention to all the files you download to your computer. Malware is often distributed via phishing emails: this is why it is important to learn to recognize them.
Research methodology: The password list was compiled in collaboration with independent researchers specializing in cybersecurity incidents. 4.3 TB of data extracted from various publicly available sources were analyzed, including some from the dark web. To conduct this study, NordPass did not acquire or buy any personal data.
The researchers classified the data using various categories, thus allowing statistical analysis to be performed on different countries. NordPass received statistical information exclusively from researchers, without any reference to users’ personal data.
In addition, third-party researchers analyzed another database containing 6.6 TB of passwords. This data was stolen by various stealers, such as Redline, Vidar, Taurus, Raccoon, Azorult, and Cryptbot. The virus logs not only included passwords but also the referring site. The researchers categorized the most used passwords by platform type and shared the aggregated statistical data with NordPass.