You may have protected your personal data with strong passwords, but when hackers seize control of other computers, the resulting “botnets” can cause plenty of collateral damage. The depressing part is that one of the biggest holes is the easiest to fix: terrible passwords. SplashData has just released its annual list of the worst ones (gleaned from hacked file dumps), and things haven’t changed much over last year. The most common stolen password is still “123456,” which edged out perennial groaner “password.” Other top picks in the an alphanumeric hall of shame are “12345678,” “qwerty,” “monkey” and new this year, “batman.” According to security expert Mark Burnett, the top 25 (below) represent an eye-popping 2.2 percent of all passwords exposed.

The good news is that fewer people are using bad passwords than in 2013, perhaps thanks to some well-publicized data breaches at Sony, Target and elsewhere. SplashData reminds folks to create passwords with at least eight mixed characters — preferably more — not based on easy-to-brute-force dictionary words. As pointed out by Buffer Open, other methods include pass phrases, mnemonic devices and other memory tricks — including a gem from XKCD. You shouldn’t use the same password on more than one site, so if you have a lot, it’s a good idea to use one of the many password managers out there, like LastPass or SplashID. Those let you access your entire collection of passwords with just a single passphrase — one that had better be a lot stronger than “123456.”

Rank Password Change from 2013
1 123456
2 password
3 12345
4 12345678
5 qwerty
6 123456789
7 1234
8 baseball
9 dragon
10 football
11 1234567
12 monkey
13 letmein
14 abc123
15 111111
16 mustang
17 access
18 shadow
19 master
20 michael
21 superman
22 696969
23 123123
24 batman
25 trustno1

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com