The SplashData list of worst passwords of 2014 was just published, and it looks very similar to the list in 2013, 2012, 2011, etc.:
| Rank | Password | Change from 2013 |
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |
Sadly, I could have written this same post and used nearly the same list in 2010– in fact, I did: http://www.securityprivacyandthelaw.com/2010/01/is-your-password-still-123456-if-so-its-time-for-a-change/. Not everyone can start exercising, lose weight, save more money or get a new job as a resolution for 2015, but you can change your password, usually in less than 60 seconds, and toughen it up a bit.
Pingback: Update on President Obama’s “Summit on Cybersecurity and Consumer Protection,” Part III: Five Key Lessons for Business | Security, Privacy and the Law