Steer clear of these 25 weak passwords

Looks like identity thieves had a field day last year: The latest report from Javelin Strategy & Research reveals that there were 15.4 million identity fraud victims in 2016, up 16% over 2015. Between figures like that and other disturbing news about data hacking in recent months, you'd think we'd all be taking extra precautions to secure our information.

So why are millions of people still using easily guessable passwords like "123456" and, um, "password" to unlock their online data?

These two take the first and second spots respectively on a recently released list of the worst passwords of 2016. Assembled by password management company SplashData, the annual compilation is based on more than 5 million stolen logins that were posted for sale online last year.

See the full list below:
1. 123456
2. password
3. 12345
4. 12345678
5. football
6. qwerty
7. 1234567890
8. 12334567
9. princess
10. 1234
11. login
12. welcome
13. solo
14. abc123
15. admin
16. 121212
17. flower
18. password
19. dragon
20. sunshine
21. master
22. hottie
23. loveme
24. zaq1zaq1
25. password1

How weak are some of the others on the list? "12345," "12345678" and "football" round out the top five. "Welcome" and "admin" are there too, along with cutesy terms like "loveme" and "hottie" and simple variations of the word password, such as "passw0rd" and "password1."

Star Wars fans, take note: "Princess" and "Solo" came in at numbers nine and 13.

The list reinforces that making minor modifications to a common password isn't enough. "Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites," said Morgan Slain, CEO of SplashData, in a statement.

Besides using terms that mix letters, numbers, characters and upper and lower case, here a few more stealthy password-protection tips to help keep cyber thieves at bay.

Use "passphrases" over passwords. Instead of going with one word or term, consider using a password that is a song title, first line of a poem or a saying. Or come up with a phrase or motto that's memorable to you because it's personal—for example, "IamSamsMom" or "IlovemypuppyLulu."

Don't use the same passwords over and over. We get it—with so many devices and apps to unlock, it's less of a hassle to just recycle the same word or phrase. This might make your life easier—but it makes a cyber criminal's life easier too. If a thief guesses your Facebook password, for instance, he'll likely try the same login to access your bank account.

Get a password management app. Still keep a pen and paper list of all your passwords in a notebook near your desk? Come into the 21st century and go with one of the password management tools available these days. Not only do these systems help organize all your passwords, they can generate random new ones for you and often offer extra layers of encryption.

RELATED: See more tips for creating a better password:

Tips for better passwords
See Gallery
Tips for better passwords

Be unique

Countless hacks have found many internet users tend to rely on simple phrases that are easily cracked. "Facebook" for a Facebook password and "LinkedIn123" for LinkedIn. Instead, use words phrases that are unique to your life, so they are easy to remember, but less easy to crack. 

REUTERS/Pawel Kopczynski 

Don't just use letters

Many sites require numbers and/or special characters in passwords these days, and for good reason. Passwords that only use letters are easier to figure out.


Go long

The longer your password, the better. Shorter passwords are easier for hackers to crack using high-powered computers. The longer the password, the longer it takes to crack, which means most will give up. 


Change your passwords

For the most secure accounts that you need protected, changing passwords regularly can help prevent a security breach. 


Don't use details people could know

While numbers are great additions to passwords, hackers could easily figure out the four digits of your birthday. Top security experts suggest ignoring dates entirely. (Shutterstock)

Pay attention to password reset questions too

Mitt Romney fell victim to a hacker when one was able to guess the name of his favorite pet and used it to retrieve and reset his email password in 2012. Stick with information that as few people as possible are likely to know


Use Password Managers

These services add an extra step into your password process, but they generate nearly crack-proof strings of alphanumeric combinations that are often at least 12-characters long. 

(David Muir via Getty Images)

Avoid using them on stranger computers

Computer used at a library or even a friend's house could have malware that steals your passwords.



More from LearnVest:
7 Ways to Help Hack-Proof Your Smartphone
Survey Says: People Would Rather Have Naked Pics Leaked Online Than Money Info
'I Was Bank Hacked!' An Honest Look at U.S. Banking Security
Read Full Story

Want more news like this?

Sign up for Finance Report by AOL and get everything from business news to personal finance tips delivered directly to your inbox daily!

Subscribe to our other newsletters

Emails may offer personalized content or ads. Learn more. You may unsubscribe any time.