The top 25 worst passwords of 2012

While the old favorites remained the same, new words such as "welcome", "ninja", "jesus" and "mustang" highlight SplashData's annual list of the most common passwords used on the Internet and posted by hackers. Users of any of these passwords are the most likely to be victims in future breaches.

The top three passwords, "password," "123456," and "12345678," remain unchanged from last year's list.

"Those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password,” Morgan Slain, SplashData CEO, said in a press release. “We're hoping that with more publicity about how risky it is to use weak passwords, more people will start using stronger passwords and using different passwords for different websites."

Here are the "25 Worst Passwords of 2012”:

# Password      Change from 2011
1. password       Unchanged
2. 123456          Unchanged
3. 12345678       Unchanged
4. abc123          Up 1
5. qwerty           Down 1
6. monkey          Unchanged
7. letmein           Up 1
8. dragon           Up 2
9. 111111           Up 3
10. baseball        Up 1
11. iloveyou        Up 2
12. trustno1       Down 3
13. 1234567       Down 6
14. sunshine       Up 1
15. master         Down 1
16. 123123         Up 4
17. welcome       New
18. shadow        Up 1
19. ashley          Down 3
20. football        Up 5
21. jesus           New
22. michael        Up 2
23. ninja            New
24. mustang       New
25. password1    New

The list was compiled from files containing millions of stolen passwords posted online by hackers. The company advises consumers or businesses using any of the passwords on the list to change them immediately. “Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” Slain said.

The company offers a two tips for more secure passwords:

  1. Use passwords of eight characters or more with mixed types of characters. 
  2. Avoid using the same username/password combination for multiple websites.