Despite the vulnerability presented by weak passwords, many Internet users continue to put their security at risk by using common words or number sequences that are easily guessable.

Unchanged from last year, the three most popular passwords for 2012 were "password," "123456," and "12345678," according to SplashData's annual "25 Worst Passwords of the Year" list. The list was compiled from files containing millions of stolen passwords posted online by hackers.

But that isn't to say that our choices have stagnated; new entries to the list this year include "welcome," "Jesus," "ninja," "mustang," and "password1."

In a year punctuated by high-profile hacks that leaked millions of passwords, SplashData hopes the lists highlights the importance of choosing a robust password.

"We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different Web sites," SplashData CEO Morgan Slain said in a statement. "Just a little bit more effort in choosing better passwords will go a long way toward making you safer online."

A security breach revealed in July at Yahoo yielded nearly a half million login credentials stored in plain text. Other password thefts at LinkedIn, eHarmony, and Last.fm contributed to approximately 8 million passwords posted in two separate lists to hacker sites in early June.

SplashData's list, including changes in ranking from last year's list:

password (unchanged) 123456 (unchanged) 12345678 (unchanged) abc123 (up 1) qwerty (down 1) monkey (unchanged) letmein (up 1) dragon (up 2) 111111 (up 3) baseball (up 1) iloveyou (up 2) trustno1 (down 3) 1234567 (down 6) sunshine (up 1) master (down 1) 123123 (up 4) welcome (new) shadow (up 1) ashley (down 3) football (up 5) Jesus (new) michael (up 2) ninja (new) mustang (new) password1 (new)

Security experts suggest picking long passwords (the longer, the better) that include as many different characters as possible while excluding anything that can be personally linked, such as birthdates or names of relatives. Choosing passwords that include words found in common dictionaries is also discouraged.