'123456:' Worst. Password. Ever.

123456 will also go down as the worst password ever considering that it doesn't even require typing skills to enter.

Password and 123456 are in good company, however, with other weak, easily guessable passwords. The Top Ten includes "qwerty," "abc123," "111111" and the ever-popular "iloveyou" – all highly susceptible to brute-forcing and cracking algorithms.

SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. This year's list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe's well-publicized security breach. For Adobe users, the name of in-use software proved to be fertile ground for passwords. Unfortunately, such passwords tend to be very easy to guess.

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," says Morgan Slain, CEO of SplashData.

This year's list also showed that more short numerical passwords are coming into use, even though websites are starting to enforce stronger password policies. For example, new to this year's list are simple and easily guessable passwords like "1234" (No. 16), "12345" (No. 20) and "000000" (No. 25).

Only four in the top 20 seem to be unlinked to numbers or other simple inspirations: “monkey,” “shadow,” “sunshine” and “princess.”

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” Slain said.

But that’s of course easier said than done. A good guideline is to use passwords of eight characters or more, with mixed types of characters. But even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "j%7K&yPx$" can be difficult to remember.

“One way to create more secure passwords that are easy to recall is to use passphrases -- short words with spaces or other characters separating them,” said Slain. “It's best to use random words rather than common phrases. For example, ‘cakes years birthday’ or ‘smiles_light_skip?’”

Users should also avoid using the same username/password combination for multiple websites.
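As an added illustration (not code from SplashData or the original article), the sketch below screens a candidate password at sign-up for the weaknesses described above: deny-list membership, common character substitutions, simple sequences, and the name of the service or product. The deny-list holds only passwords named in the article; the substitution map, function name and reason strings are assumptions.

```python
import re

# Constructed sample deny-list: only passwords the article itself names.
# A real deployment would load a much larger breached-password list.
COMMON = {"123456", "password", "qwerty", "abc123", "111111", "iloveyou",
          "adobe123", "photoshop", "1234", "12345", "000000",
          "monkey", "shadow", "sunshine", "princess"}

# Assumed map of common substitutions, undone before comparison.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Keyboard and counting runs that need no typing skill.
RUNS = ("01234567890", "qwertyuiop", "abcdefghijklmnopqrstuvwxyz")


def screen_password(password, service_words, deny=COMMON, min_length=8):
    """Return the reasons to reject `password`; an empty list means it passed."""
    reasons = []
    lowered = password.lower()
    # Drop trailing digits/symbols, then undo substitutions:
    # "Ph0t0sh0p!" -> "photoshop", "dr4mat1c" -> "dramatic".
    stem = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET)

    if len(password) < min_length:
        reasons.append("too short")
    if lowered in deny or stem in deny:
        reasons.append("on deny-list")
    if len(set(lowered)) == 1 or any(lowered in run for run in RUNS):
        reasons.append("sequence or repeat")
    words = [w.lower() for w in service_words if w]
    if any(w in lowered or w in stem for w in words):
        reasons.append("contains service name")
    return reasons


if __name__ == "__main__":
    site = ["adobe", "photoshop"]  # names tied to the service being joined
    for candidate in ("123456", "adobe123", "Ph0t0sh0p!", "cakes years birthday"):
        print(f"{candidate!r}: {screen_password(candidate, site) or 'accepted'}")
```
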
