The following is from the AARP:
AARP Bulletin's 25 Passwords to avoid that's easier to guess (and steal):
If "password" is your online password, you're in good company …and that's bad. As the single most popular log-in used to access online accounts, it's also the one most easily hacked by cybercriminals.
Changing the "o" to a zero—"passw0rd"—is not much better. It ranks as the 18th most common, according to SplashID, a company that produces password management software. And with more websites now requiring passwords to include both letters and numbers, you may think you're safe with "abc123."Think again. That password ranked fifth.
Some new trends have popped up in SplashID's analysis of millions of passwords. Joining the longtime "don't use" password "qwerty"—the top left letters on a keyword—is "qazwsx," a top-to bottom sequence on the left. There's also increased use of common names. Officials, however, are baffled by the popularity of "monkey" and "shadow."
But what's clear is that using any of these passwords significantly increases your risk of identity theft. Although cybercrooks sometimes apply sophisticated hacking software, they're more likely to depend on the old-fashioned method: repeatedly trying common passwords to log into your account.
Here's how to make passwords harder to hack yet easier to remember:
Go long. Use at least 12 keystrokes. One study shows that a good 12-character password would take hackers more than 17,000 years to crack.
Mix it up. Use upper- and lowercase letters, spaces and underscores, and symbols like @ and %.
Finesse your favorites. For easier recall, base your passwords on foods you like, TV shows or first letters of a song, but with tweaks, symbols and conscious misspellings.