According to a list compiled by SplashData, internet users are still guilty of using easily guessable passwords.

The “worst password” list was topped by “123456” and “password” for the 4th year running, with “baseball,” “dragon” and “football” also appearing in the top 10.

SplashData collects information for its list from over 3.3 million leaked passwords, most of which are from internet users in North America and Western Europe.

And The Award For Stupidest Password Of The Year Goes To...

Do these passwords sound familiar?

While simple numerical passwords remain common, 2014 was the year that “batman” broke into the top 25 list, however “iloveyou” dropped out. Was 2014 the year that our password choices became less sentimental?

“Any password using numbers alone should be avoided, especially sequences,” said Morgan Slain, CEO of SplashData. “As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

Online security expert Mark Burnett claims that the top 25 passwords only represent 2.2% of those leaked. “While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies,” he said.

That percentage may suggest that internet users are becoming more security conscious, perhaps following growing concern over internet security and privacy. It could be argued that the population as a whole is becoming better educated as to the implications of information sharing online, and as such are more worried about picking a stronger password.

Stronger passwords

Although some internet users insist on sticking with easy to memorize, and easy to guess, passwords, websites are doing their bit to encourage people to think of more complicated combinations of characters. SplashData also published a set of tips for those of you who may still be using one of the top 25 as your password.

The company advises against using the same username/password combination for multiple sites, and suggests that passwords should contain a minimum of 8 mixed characters. It is also advised not to use your birthday or your children’s names.

Good luck remembering a different hard-to-crack password for all of your online accounts.