If your password is on the list below you had better change it.

Among the 25 most common passwords among 3.3 million that were leaked online last year, the top two were once again "123456" and "password," according to a company that provides password management software.

SplashData, based in Los Gatos, Calif., said the top two passwords this year were the same as in 2013. The company has compiled the list annually since 2011.

New additions to the Top 25 for 2014 include: baseball, dragon, football, mustang, access, master, michael, superman, 696969 and batman.

Common passwords are much easier for cybercriminals to guess. That makes users vulnerable to having accounts such as email and online banking hijacked and their identities stolen.

Sensitive data such as passwords are often posted online by hackers who steal them during attacks on websites and corporate networks. This year, most of the passwords came from users in North America and Western Europe.

Based on its analysis, SplashData recommends that when crafting your password:

Don't use keyboard patterns e.g. "qwertyuiop" from the top row of letters

Don't use a favourite sport – baseball and football were both in the Top 10, with hockey, soccer and golf in the Top 100.

Don't use your birthday or birth year. People in their early 20s seemed to be especially guilty of this, with the years 1989 to 1992 all in the top 100.

Don't use common names – michael, jennifer, thomas, jordan, hunter, michelle, charlie, andrew and daniel were all in the Top 50.

Here's the entire list: