SplashData released its list of the 25 worst passwords for 2012 on Wednesday with very few surprises, reports ABC News.

Despite the increases in hacking and identity theft online, many Internet users are still choosing weak passwords.

“Password” still reigned at the number one spot, with “123456” and “12345678” at numbers two and three, respectively. New to the list are “ninja”, “jesus”, “mustang” and “password1”.

SplashData created the list based on files containing millions of hacked passwords. It advises anyone using passwords on the bad list to change them as soon as possible or risk becoming a victim in a future breach of security.

Rounding out the list of poorly chosen passwords are “abc123”, “qwerty”, “monkey”, “letmein”, “dragon”, “111111”, “baseball”, “iloveyou”, “trustno1”, “1234567”, “sunshine”, “master”, “123123”, “welcome”, “shadow”, “ashley”, “football” and “michael”.

A proper secure password consists of at least eight characters that include one uppercase letter, a special character and a number.

Here’s the top 25 “Worst Passwords of 2012,” including their current ranking and any change from the 2011 list:

1. password (Unchanged)

2, 123456 (Unchanged)

3. 12345678 (Unchanged)

4. abc123 (up 1)

5. qwerty (down 1)

6. monkey (unchanged)

7. letmein (up 1)

8. dragon (up 2)

9. 111111 (up 3)

10. baseball (up 1)

11. iloveyou (up 2)

12. trustno1 (down 3)

13. 1234567 (down 6)

14. sunshine (up 1)

15. master (down 1)

16. 123123 (up 4)

17. welcome (new)

18. shadow (up 1)

19. ashley (down 3)

20. football (up 5)

21. jesus (new)

22. michael (up 2)

23. ninja (new)

24. mustang (new)

25. password1 (new)









