Stop using these passwords: The worst of 2015

Security software manufacture SplashData has shared the 2015 edition of its annual list of the year's 25 most common password. The list, compiled from over 2 million passwords leaked throughout the year, revealed that "123456" and "password" are still users' top two choices when it comes to securing their online accounts. "123456" and "password" have continuously held the top two spots since the list started in 2011.

"12345", "12345678", and "123456789" all appeared in the top six, and "qwerty", "football", "baseball", and "dragon" also remained popular choices.

SplashData CEO Morgan Slain said that that many are now taking the effort to make their passwords longer, but the simple nature of these passwords can make the extra length virtually worthless.

"We have seen an effort by many people to me more secure by adding characters to passwords," wrote Slain, "but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers".

The continued used of simple passwords puts individual's security and privacy at risk, due to their easy-to-guess nature.

The complete list of 2015's most popular – or "worst" – passwords is as follows.

  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • football
  • 1234
  • 1234567
  • baseball
  • welcome
  • 1234567890
  • abc123
  • 111111
  • 1qaz2wsx
  • dragon
  • master
  • monkey
  • letmein
  • login
  • princess
  • qwertyuiop
  • solo
  • passw0rd
  • starwars

CyberShack recommends that anyone using a password found on this list changes it immediately. Ideally, a strong password should be at least twelve characters in length; feature uppercase letters, lowercase letters, numbers and symbols; and avoid the use of common words.

A good approach is finding the acronym for a long phrase that can be easily remembered. If the phrase was one's favourite Snoop Dogg lyric, "rolling down the street, smoking endo, sipping on gin and juice," for example, "rdtssesogaj" would be a good basis for a password.

One could then swap the "a" for a "4", add a few capital letters, and a symbol or two to the end. In this case, "RdtsSeSog4j^*" would be the final password. 

Read more: 7 simple ways to make your computer more secure