In RetroTech: NetLingo Blog

Happy New Year, it's time to change your passwords again. You can't go anywhere online without a password these days. Want to access Xbox Live through your PC? You'll need a password. Logging onto the PlayStation Store? Cough it up. Playing any online games? You know what to do. Not to mention all of your social networking, email, website, and e-commerce passwords.

The problem though, according to Chris Morris at Plugged In, is that most of us just aren't very password-creative. hacker delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.

The top passwords of 2012 are the same three from a year ago - "password," "123456," and "12345678." In 2012, however, there were some new additions, including "welcome, " "jesus," "ninja," and "mustang." Our favorite newcomer to the list (and yes, we're being sarcastic here), is "password1," a particularly weak attempt at pleasing providers who require a number in your password somewhere.

"At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password," said Morgan Slain, CEO of SplashData. "We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."

Gamers in particular need to be vigilant in keeping their passwords strong and safe. Hackers have targeted a number of game companies in recent years, including Blizzard, Bethesda, and, most famously, Sony. Earlier this month, PlaySpan, who handles microtransactions for hundreds of online games, was breached.

If you've got any of these phrases as your password on any system — be it a gaming network, email client, or especially an online banking account -- change it. Change it fast. You're leaving yourself open for hacking that could result in the loss of everything, from hard-won Diablo III items to Microsoft Points you spent real-world money acquiring.

Here's the full 2012 list, along with how the popularity of the phrase has increased or decreased in the past year:

1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Keep creating the same old passwords? Here's a few tips on how to create an cryptic password:

- Use the first letter from each word in a phrase or line from a song. For example, "Hey, I just met you... And this is crazy... But here's my number... So call me maybe" could be "hijmyaticbhmnscmm." Of course, you'll be stuck singing the damn thing in your head every time you log in.

- Combine two words, such as "hungrydog" or "choppywater." For added security, separate those words with symbols or numbers, or swap numbers in place of certain letters. So instead of "hungrydog," use"hungry$d0g."

- If the site is case-sensitive, vary upper and lower case letters, as well as using numbers and symbols. ("ViDeOgAmE," for example, is much more secure than "videogame.")