Better Hope Your Password Isn't on This List of the Worst of 2015

The worst passwords of 2015 -- and how to make a better one.

By ABC News
January 20, 2016, 10:23 AM

If your password is on this list, it's time for a digital intervention.

Year after year, some people continue to put themselves at risk by choosing simple yet incredibly hackable passwords. SplashData, a software and security firm, released its annual list of the worst passwords of 2015 and once again, "123456" has come out on top.

Other passwords in the hall of shame are perennial favorites: QWERTY (the letters are keyboard neighbors), password, football, baseball, welcome, dragon, master and monkey. Notable new additions to the list include login, princess, passw0rd and starwars.

Robert Siciliano, an online safety expert to Intel Security, told ABC News "there are two schools of thought revolving around what makes a strong password."

"A good password that is hard to crack may spell something out and have upper case, lower case, numbers and characters whereas a stronger password is one that is completely undecipherable," he said.

SplashData, which compiled the list of worst passwords, recommends users create a password or passphrase that includes 12 or more characters of mixed types -- meaning upper and lower case letters, numbers and symbols.

A password manager, which can help users create undecipherable passwords for each of their accounts and then store them securely for their reference, is a great way to protect yourself online, Siciliano said.

"Password managers are an absolute must today, since people have between 15 and 25 websites they have to access on a daily, weekly, monthly basis," he said.

One more tip from Siciliano: Don't ever use the same password on more than one account.

"If one account is compromised, say some rogue social account you haven’t used in five years and criminals discover unencrypted passwords on that database, now what they have at their disposal are usernames and passwords," he said. "Once they have your user name and unencrypted password, they will take that data and enter it into iCloud, Twitter, Visa, Bank of America and so on. ... They’ll plug it in and see what works."