Strong passwords, these were not.
The password "starwars" entered SplashData's list of the year's worst passwords in the 16th spot, ahead of passwords including "passw0rd" and "hello."
"Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words," said Morgan Slain, CEO of SplashData, in a statement.
SplashData said in a statement Tuesday the list is based on more than five million passwords leaked during the year.
Once again, "123456" is the worst password of the year, followed by "password." New entrants into SplashData's list include "123456789" (No. 6) and "letmein" (No. 7).
The company estimates nearly 3% of people used the worst password on the list, while almost 10% have used at least one of the top 25.
To keep accounts secure, users can follow these tips:
Think passphrase, not password. Originally, experts suggested thinking of a super complex password with a variety of numbers, uppercase and lowercase letters, and symbols. The problem is they're way too tough to remember. Instead, consider a phrase for your password, then tweak it with numbers or symbols you can more easily recall.
Use two-factor authentication. Most big websites offer an additional layer to the login process, where you can request a text message with a numeric code or confirmation through an authenticator app to verify your identity.
Make passwords unique. Use a different password for every website. According to SplashData, if hackers get one set of credentials, they will try them across other services.
Consider password managers. If you have a lot of logins to manage, password managers such as Dashlane and LastPass offer automatically generated passwords for the sites you use. The user will have one master password they need to remember to log in to the manager.