Keeper Security, a US-based password management company, has revealed a list of the worst passwords of 2016. The list has been compiled by aggregating passwords leaked in data breaches during the past year. The Keeper team also assessed the top 25 passwords found in data from Leaked Source, Have I Been Pwned, Randomize and Tripwire. More than 10 million leaked user records were collated by the Keeper Security team, and after examining the leaked data, it was found that over 1.7 million accounts (17%) were secured with the “123456” password, almost one in every six profiles. The simplistic password “123456” ranked first for the third year in a row. Other passwords that made it into the top 10 most common passwords of 2016 list in the report were ‘111111’, ‘password’, ‘123123’ and few other such generic numerical passwords. It came as no surprise, as the top 10 passwords showed a pattern used that consisted of strings of sequential characters, phrases from the top of the keyboard and repeated groups of letters. The list of most frequently used passwords has not changed much over all these years and the users are not aware of risks involved with weak passwords. “This is stunning in the light of the fact that, as we have reported, today’s brute-force cracking software and hardware can unscramble those passwords in seconds,” according to Keeper Security. Here’s a look at the complete list of top 25 common worst passwords – those used by the most people at the same time:

  1. 123456 2. 123456789 3. qwerty 4. 12345678 5. 111111 6. 1234567890 7. 1234567 8. password 9. 123123 10. 987654321 11. qwertyuiop 12. mynoob 13. 123321 14. 666666 15. 18atcskd2w 16. 7777777 17. 1q2w3e4r 18. 654321 19. 555555 20. 3rjs1la7qe 21. google 22. 1q2w3e4r5t 23. 123qwe 24. zxcvbnm 25. 1q2w3e Keeper Security called for website operators to do more to force people to create strong phrases. The report stated, “Website operators must take more responsibility for password security. After years of data breaches due to weak passwords, website operators are still not enforcing password best practices. The bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies. It isn’t hard to do, but the list makes it clear that many still don’t bother,” the company noted. The report added, “While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.” If you are using any of the password showing in the above list, it is recommended that you change your password immediately. You can protect yourself by using a password manager such as 1Password, which can generate secure passwords and store them online. Alternatively, you can also use two-factor authentication, which will send a text with a code or use an app to verify your log-in. “It’s better to be safe than sorry!”