Each year, SplashData carries out an analysis of leaked passwords to find the top 25 dumb passwords. This year, the company had five million passwords to work from, most of them from hacks in the US and Europe.

There are plenty of old favorites – including ‘password’ – but this year eleven new ones made the list …

There’s no change to the top two. The top slot is retained by 123456, while #2 on the list is password.

Other top 10 places are taken by 12345, 1234567, 12345678 and 123456789. The top 10 are completed by 111111, sunshine, qwerty and iloveyou.

But eleven new dumb passwords made the top 25 this year, including ‘Donald.’

“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”

The remaining new entries are 111111, sunshine, princess, 666666, 654321, !@#$%^&*, charlie, aa123456, password1 and qwerty123.

The full list is:

123456 password 123456789 12345678 12345 111111 1234567 sunshine qwerty iloveyou princess admin welcome 666666 abc123 football 123123 monkey 654321 !@#$%^&* charlie aa123456 donald password1 qwerty123

SplashData said that it was inexplicable why people chose such obvious passwords.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

The company said that almost 10% of people have used at least one dumb password on the list, and nearly 3% have used the worst one, 123456.

As always, our recommendation is to use a password manager to have strong, unique passwords for each website and app, and to always opt for two-factor authentication.

Photo: Shutterstock

Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news: