For years, the worst password — among the most common and easy to guess — was, well, “password,” but that is no more.

splashdata

Image source: SplashData

Now, the worst password to have is “123456.” “Password” still comes in at #2, though.

SpashData, a password management application, puts out a list of the worst, most insecure passwords one can set each year. Its 2013 list of 25 most common passwords was influenced by Adobe’s security breach where user passwords were posted online by Stricture Consulting Group.

“Seeing passwords like ‘adobe123′ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” Morgan Slain, CEO of SplashData, said in a statement.

Also noteworthy to the company was that many of the passwords on the list were short and numerical. This could be because “websites are starting to enforce stronger password policies,” Slain said.

Here’s SplashData’s list of worst passwords of 2013 (showing rank and its change from 2012):

1. 123456 (Up 1)

2. password (Down 1)

3. 12345678 (Unchanged)

4. qwerty (Up 1)

5. abc123 (Down 1)

6. 123456789 (New)

7. 111111 (Up 2)

8. 1234567 (Up 5)

9. iloveyou (Up 2)

10. adobe123 (New)

11. 123123 (Up 5)

12. admin (New)

13. 1234567890  (New)

14. letmein (Down 7)

15. photoshop (New)

16. 1234 (New)

17. monkey (Down 11)

18. shadow (Unchanged)

19. sunshine (Down 5)

20. 12345 (New)

21. password1 (Up 4)

22. princess (New)

23. azerty (New)

24. trustno1 (Down 12)

25. 000000 (New)

If your password is on this list or if you have trouble choosing strong passwords, SplashData offers a couple tips:

Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like “dr4mat1c” can be vulnerable to attackers’ increasingly sophisticated technology, and random combinations like “j%7K&yPx$” can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases — short words with spaces or other characters separating them. It’s best to use random words rather than common phrases. For example, “cakes years birthday” or “smiles_light_skip?”

Avoid using the same username/password combination for multiple websites.  Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” Slain said.

Read more about the worst passwords list and SplashData’s SplashSafe ID.

Featured image via Shutterstock.