You can’t go anywhere online without a password these days. You certainly can’t play many games without one.
Want to access Xbox Live through your PC? You’ll need a password. Logging onto the PlayStation Store? Cough it up. Playing any online games? You know what to do.
The problem, though, is that most of us just aren’t very password-creative. Hackers delight in posting usernames and passwords online when they raid a database. To prove the point — and to help us all make better password decisions — SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.
The top passwords this year are the same three from a year ago – “password,” “123456,” and “12345678.” This year, though, there are some new additions, including “welcome, ” “jesus,” “ninja,” and “mustang.”
Our favorite newcomer to the list, though, is “password1,” a particularly weak attempt at pleasing providers who require a number in your password somewhere.
“At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password,” said Morgan Slain, SplashData CEO, in a statement.
“We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”
Gamers in particular need to be vigilant in keeping their passwords strong and safe. Hackers have targeted a number of game companies in recent years, including Blizzard, Bethesda, and, most famously, Sony. Earlier this month, PlaySpan, who handles microtransactions for hundreds of online games, was breached .
If you’ve got any of these phrases as your password on any system — be it a gaming network, email client, or especially an online banking account — change it. Change it fast. You’re leaving yourself open for hacking that could result in the loss of everything, from hard-won Diablo III items to Microsoft Points you spent real-world money acquiring.
Here’s the full list, along with how the popularity of the phrase has increased or decreased in the past year:
1. password (Unchanged) 2, 123456 (Unchanged) 3. 12345678 (Unchanged) 4. abc123 (Up 1) 5. qwerty (Down 1) 6. monkey (Unchanged) 7. letmein (Up 1) 8. dragon (Up 2) 9. 111111 (Up 3) 10. baseball (Up 1) 11. iloveyou (Up 2) 12. trustno1 (Down 3) 13. 1234567 (Down 6) 14. sunshine (Up 1) 15. master (Down 1) 16. 123123 (Up 4) 17. welcome (New) 18. shadow (Up 1) 19. ashley (Down 3) 20. football (Up 5) 21. jesus (New) 22. michael (Up 2) 23. ninja (New) 24. mustang (New) 25. password1 (New)
Keep creating the same old passwords? Here’s a few tips:
– Use the first letter from each word in a phrase or line from a song. For example, “Hey, I just met you… And this is crazy… But here’s my number… So call me maybe” could be “hijmyaticbhmnscmm.” Of course, you’ll be stuck singing the damn thing in your head every time you log in.
– Combine two words, such as “hungrydog” or “choppywater.” For added security, separate those words with symbols or numbers, or swap numbers in place of certain letters. So instead of “hungrydog,” use”hungry$d0g.”
– If the site is case-sensitive, vary upper and lower case letters, as well as using numbers and symbols. (“ViDeOgAmE,” for example, is much more secure than “videogame.”)
Culled from Yahoo! Games