The annual most common (i.e., worst) passwords list has been released, and there's good news and bad: the most egregiously obvious password has been downgraded from the number one slot, but its replacement isn't that much better.

SplashData, an internet security, encryption, and password and data-management company, announces a list every year for the most common 25 passwords found on the internet. According to the company this year, 2013 was the first year where the number one most commonly used, and infinitely worst, password was usurped by another.

Can you guess what the all-time most popular/worst password is -- which has now slipped to the number two position? That's right, it's "password." But don't get too proud of our collective online security aptitude, the number one password for 2013 is now "123456," which has moved up one slot over the last year.

Interestingly, this year's list by SplashData was influenced by a major hack attack that was exposed in the early fall last year. In early October, KrebsOnSecurity announced that it had discovered a huge database or "trove" of data taken from Adobe servers. Later a list of passwords was posted by security consulting firm Stricture Consulting Group, which showed the dearth of password creativity by Adobe users.

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to use the name of the website or application you are accessing," said Morgan Slain, CEO of SplashData in its release. "Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies," said Slain.

Besides password and qwerty, nearly all of the top worst passwords involved a string of numbers, usually in numerical order - like 123456789, 1234567, or 12345678. If your password is dumb enough to be spoofed in a Mel Brookes movie that came out about a decade before the internet became commonplace, you might have a problem.


Some of the most fascinating commonly-used passwords are words though -- letmein makes sense, as does admin for some purposes, but monkey, shadow, sunshine, and princess are infinitely baffling as to why they made the top 25.

Simple words, number combinations, or even passwords with number substitutions (like zeros for O's and fours for A's) are not very good passwords to use in any situation. SplashData (and everyone who cares about security on the internet) suggests you use random words and numbers that can make an uncommon passphrase that you (and only you) can easily remember. And try not to use the same password for multiple websites, even though it's difficult to do. Of course SplashData suggests you use their password software to keep track of all websites and logins, but there are many password management options to choose from, depending on your budget and needs. If you're a Mac user, the free Mavericks OS X provides a service called iCloud Keychain included in the operating system.

With all of the hacks and security exposures that happened in 2013 -- many of which are out of users' control -- it's a good time to find out what you can do on your own to avoid losing your data.