We've been seeing an unprecedented number of security breaches over the last few years targeting large corporations and individuals alike. That isn't stopping people from using the most unimaginative and predictable passwords when signing up to a website or online service, however. SplashData has published a list of this year's 25 most popular (read: worst) passwords based on millions of stolen logins posted online by hackers in 2012.
SplashData hopes the list highlights the importance of choosing a robust password and more people will start taking simple steps to protect themselves. Even though thieves have more sophisticated hacking tools at their disposal today than ever before, they still tend to prefer easy targets, SplashData says.
The list is similar to last year's but with some new additions on the bottom half such as jesus, ninja, welcome and password1 – hey at least more people are taking the advice to combine text and numbers!
| 1. password (Unchanged) | 10. baseball (Up 1) | 18. shadow (Up 1) |
| 2. 123456 (Unchanged) | 11. iloveyou (Up 2) | 19. ashley (Down 3) |
| 3. 12345678 (Unchanged) | 12. trustno1 (Down 3) | 20. football (Up 5) |
| 4. abc123 (Up 1) | 13. 1234567 (Down 6) | 21. jesus (New) |
| 5. qwerty (Down 1) | 14. sunshine (Up 1) | 22. michael (Up 2) |
| 6. monkey (Unchanged) | 15. master (Down 1) | 23. ninja (New) |
| 7. letmein (Up 1) | 16. 123123 (Up 4) | 24. mustang (New) |
| 8. dragon (Up 2) | 17. welcome (New) | 25. password1 (New) |
| 9. 111111 (Up 3) |
Naturally, if you're using any of the passwords above, you should change them immediately. Instead, you'll want to use passwords of at least eight characters or more with mixed alphanumerics, or use short words with spaces (when allowed) or other characters separating them, like "eat cake at 8!" or "car_park_city?".
Perhaps one of the most important (yet less commonly used) measures to mitigate the risk of being exposed is to never use the same username and password combination for multiple websites. Services such as LastPass or RoboForm can generate random alphanumeric passwords for every site and store them in the cloud so you don't have to remember them, while programs such as KeePass can safely store them locally.