Emsisoft explores the worst passwords of 2016


Trying to remember any one of the 500 passwords you need to function in today’s digital society is one of life’s many frustrations. But, opting for convenience over security is basically a written invitation to hackers.

Cyber security experts continue to urge users to become better informed about online threats and the importance of using complex, difficult-to-guess passwords, yet many users continue with insanely unsafe ones.

According to a new analysis of the passwords leaked in the recent Yahoo data breach, the most popular choices are still “123456” and “password”.

The ten most common passwords in the leaked Yahoo database were:

  1. 123456
  2. password
  3. welcome
  4. ninja
  5. abc123
  6. 123456789
  7. 12345678
  8. sunshine
  9. princess
  10. qwerty

Passwords are your first line of defence

Brute force password hacking is one of the most common ways hackers break into computers. The Worst Passwords of 2016 list reflects the above passwords, with the additions of ‘hottie’, ‘loveme’ and ‘flower’. The force remains strong with the continued use of the Star Wars themed ‘solo’ and ‘princess’. Sadly, all of these passwords and more are known by many hackers and are built into malware.

The Conficker worm, which at its peak in 2008 infected 7 million computers worldwide and which continues to infect computers today, utilised these passwords and continues to gain access with them. (See full list of Conficker passwords here).

In a massive theft of Twitter usernames and passwords involving nearly 33 million customers, “123456” was by far the most commonly used passcode, according to security company LeakedSource. More than 120,000 people whose credentials were hacked had used “123456” as their Twitter password.

When it comes to bad passwords, it’s quite discouraging to see that in the last 9 years not much has changed. Many of 2016’s Worst Passwords are utilised by Conficker and are largely responsible for the worm’s success then and its continued appearance now.

Today, creating a good, unique password for every device and application you use is essential to securing your digital information. Having a solid online protection suite such as Emsisoft Anti-Malware is important, but it’s also kind of irrelevant if you’re just handing out the keys to get in.

How to create an impenetrable password

There’s a lot of talk today about what comprises a good password. Most sources will tell you that you need at least 16 characters and that those characters need to be a unique combination of numbers, letters, and symbols. For example, g43h3982D219Qtt7 is a pretty darn good password. It makes absolutely no sense, and it is pretty much impossible to remember.

Unfortunately, what makes a password impenetrable is also what makes it hard for you to keep track of and use. Creating a g43h3982D219Qtt7 for every device and app you use is easy enough – in fact, there are even password generators that will do this for you – but remembering which is which is tough. Keeping track of everything with an Excel sheet or Word document is a big no-no. In light of this, companies like SplashData will manage your passwords for you. If you’ve got the money and you stand to lose a lot, purchasing one of these services isn’t a bad idea at all.
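What such a password generator does, paired with a check against the common passwords listed earlier in this post. This is an added example, not Emsisoft's code or that of any product named here; the function names are assumptions, and the blocklist holds only the passwords this article names.

```python
import math
import secrets
import string

# Passwords named in this article: the ten most common in the leaked Yahoo
# data, plus the additions it cites from the Worst Passwords of 2016 list.
COMMON = {
    "123456", "password", "welcome", "ninja", "abc123", "123456789",
    "12345678", "sunshine", "princess", "qwerty",
    "hottie", "loveme", "flower", "solo",
}
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 16  # the length the article says most sources recommend


def generate_password(length=MIN_LENGTH):
    """Draw each character from the OS CSPRNG; retry until all classes appear."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def screen_password(candidate):
    """Return the reasons to reject a candidate (empty list = accepted)."""
    problems = []
    if candidate.strip().lower() in COMMON:
        problems.append("on the common-password list")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(candidate)) <= 2:
        problems.append("uses only one or two distinct characters")
    return problems


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound in bits: every character uniform over the alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for sample in ("123456", "Princess", generate_password()):
        print(repr(sample), screen_password(sample) or "accepted")
    print(f"16 random characters: about {entropy_bits(16):.0f} bits")
```

The generator uses the `secrets` module rather than `random`, because `random` is not designed for security-sensitive values.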

But what about those of us who are looking for password security on a budget, who want something a little more effective than a bucket of water perched atop the threshold of our front door? KeePass is a free service that stores your passwords locally on your computer. You only need to remember one password for access, the master. Make the master password strong and add an extra layer of security with the use of a key file.

Get creative with random personal information

If you’re trying to manage your own passwords, the very best thing you can do is to be random. Create passwords that only you could think of, and they’ll become the best passwords. Don’t use anything associated with the facts of your life or that can easily be gleaned by perusing your social media. Just gather some of the thoughts circling around in your head that you’ve never shared with anyone, and combine them to create a password you can call your own.

Have secret ambitions of becoming the next international tap dancing sensation, owning 6 iguanas, and retiring in Guam? Excellent. How about 6tappingiGUAMnas91a7, with some random characters added at the end for good measure.

Want to join the circus, buy a pony, and eat nothing but ½ pound burgers for the rest of your days? Great! Your new password is 0.500ponyClown4Life!

Important: Do not reuse passwords. Sites are hacked often and the more websites that utilise your one password, the greater risk you face. Create unique passwords for each account you have and your digital life will be safer for it.

As you can see, the secret to good passwords is that they’re secret. Things like g43h3982D219Qtt7 certainly work, but if you’ve got a colourful enough imagination the possibilities are limitless.

In either case, the important takeaway is that choosing passwords is not just some flippant activity. It’s your first line of defence against malware. For the best protection, use passwords that are random and unique. And, whatever you do, stay the hell away from the Top 25.

Have a great (malware-free) day!
