The company publishes the chart annually, and yes, SplashData makes password management software. But it claims its “worst passwords” rankings are based on hard data: a list of 3.3m leaked passwords last year.

The numerical passwords are joined in the latest top 10 by “password”, “qwerty”, “baseball”, “dragon” and “football”, with the analysis based on leaked passwords in North America and western Europe – hence no inclusion of Russian terms, which SplashData claims are also common in mass-leaks.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said chief executive Morgan Slain.

“Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

SplashData claims that lower entries in its list show that people continue to use favourite sports teams, years of birth and the names of their children as passwords – all information that could be found out relatively easily by cybercriminals, if they were targeting an individual.

Weak passwords are a particularly troublesome security mishap, especially when they are used for multiple websites, or when they are used for online email services that could provide a criminal with access to other logins and personal data.

While superheroes like “superman” (21st in SplashData’s 2014 rankings) and “batman” (24th) may be popular choices for passwords, the results if they are cracked could be anything other than super – and users will only have themselves to blame.

More about: