Think you're being clever by using your own name, or that of your favorite superhero, as your online password? You're not.

SplashData today released its annual list of 25 most common Internet passcodes: or, hackers' 25 best friends.

The new report—compiled during 2014 from more than 3.3 million leaked passwords—continues to prove that folks are generally uncreative and lazy: "123456" and "password" once again took the top two spots.

In a showcase of creativity, "696969" and "batman" joined this year's top 25—nine of which are comprised of numbers-only codes. In general, Web users are leaving themselves at risk by using weak, easily guessable keys.

"Passwords based on simple patterns on your keyboard remain popular despite how weak they are," SplashData CEO Morgan Slain said in a statement, adding that passwords using only numbers should be avoided, especially sequences.

"As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure," he said.

Sequences like "qwertyuiop"—otherwise known as the top row of a standard keyboard—or "1qaz2wsx" (a slightly more complicated version of the "column" code), are just plain bad ideas.

Much like using a sport or sports team, your birthday or birth year, and baby names as your password is a terrible idea. Also in the top 100: swear words/phrases, hobbies, famous athletes, car brands, and film titles.

"The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years," online security expert Mark Burnett said. "The good news is that it appears that more people are moving away from using these passwords."

In 2014, the top 25 codes represented about 2.2 percent of passwords exposed, Burnett explained.

Most passwords were held by users in North America and Western Europe; the millions of passwords leaked from Russian accounts last year were not included in SplashData's analysis.

"While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies," he added.

Changing your password isn't difficult, according to SplashData, which suggests folks use a combination of eight or more letters and numbers and avoid using the same username-password combination for multiple websites.

Also, password managers are a great way to organize and protect passwords, generate random codes, and automatically log into websites. 

SplashData's "Worst Passwords of 2014" (new entries in bold):

  • 123456 (unchanged from 2013)
  • password (unchanged)
  • 12345 (up 17 spots)
  • 12345678 (down one)
  • qwerty (down one)
  • 1234567890 (unchanged)
  • 1234 (up nine)
  • baseball
  • dragon
  • football
  • 1234567 (down four)
  • monkey (up five)
  • letmein (up one)
  • abc123 (down nine)
  • 111111 (down eight)
  • mustang
  • access
  • shadow (unchanged)
  • master
  • michael
  • superman
  • 696969
  • 123123 (down 12)
  • batman
  • trustno1 (down one)