Most people are lazy password-creators, and despite several high-profile data breaches, not much changed in 2014.
The year’s most common—and least secure—passwords looked pretty familiar, according to the security services company SplashData’s annual list, based on 3.3 million leaked passwords in North America and Europe.
As in 2013, “123456” and “password” held the top two slots, and number-only passwords in general comprised half of the top ten passwords. Patterns like “qwerty,” which is the consecutive six keys at the top of the keyboard, remained in the top five.
There were a few new additions in the top 25 most-used passwords: Superheroes such as “batman” and “superman” were popular; “dragon” and “mustang,” showed a love of wild beasts, and “baseball” and “football” of sports. Meanwhile, the simpler, more upbeat days of 2013’s “princess,” “sunshine,” and “iloveyou” were over. (The continued popularity of “shadow” and “trustno1″ indicated some aspirations to subterfuge—thwarted, perhaps, by those passwords’ ubiquity.)
Appearances aside, people actually seem to have taken greater precautions with online protection, said Mark Burnett, an online security expert who worked with SplashData. 2014 saw the “lowest percentage of people using the most common passwords” he explained.
Besides avoiding the common passwords, here are some tips to creating a safer password: Stick to longer, mixed-character passwords (eight or more characters in both capital and lower case letters); stay away from easily guessable personal clues such as pets’ names; avoid dictionary words and instead purposefully misspell words.