Are you old enough to remember when “qwerty” seemed like a clever password? Then you likely came of age in the dark ages of the digital era.

Needless to say, the landscape has changed drastically since those quaint early days of Comic Sans, MSN messenger and fat-screen monitors.

Today, we face a transformed digital reality. Our online options have exploded, multiplying beyond measure the ways we can connect. But along with the privilege of this  digital abundance come new and unexpected responsibilities. 

Privacy and safety concerns head the list. The risk of our social media accounts being hacked, our bank accounts plundered, our identities stolen - these are real and present dangers for anybody who spends any time at all online. Which is to say, for everybody.

Some of the protective measures experts recommend we take may seem overblown or overly complicated. But a single, simple change in our online behaviour - creating strong, smart passwords - can spell the difference between online risk and online reward.

Yet too many of us continue to use, and endlessly re-use, passwords that are exactly the opposite: weak and, yes, plain dumb. What makes a password truly dumb is RISK. The more obvious it is, the more vulnerable it will be to leaks and hacks, phishing and fraud.

A recent study by the Ponemon Institute found 51% of respondents had experienced a security breach in their personal online life and 44% had done so at work. But more than half of victims - 57% - made no change in their password behaviours.

According to Splash Data, one in ten of us have used at least one of the 25 worst passwords on this year’s list.

It’s the digital equivalent of leaving your keys under the mat. 

The good news: for the first time since anybody’s been keeping track, “password” is no longer the number-one most leaked password.

The bad news: “123456” is.

Over five million leaked passwords were evaluated for the most recent list, above.

Among the new entries are “1q2w3e4r” and “qwertyuiop.” At first glance they may seem unhackable, but a closer look reveals they’re just simple patterns using adjacent keys on the keyboard.

But they are utterly transparent to hackers, who are well aware that millions of people use them.

How to minimise risk

Experts recommend three (relatively) easy strategies:

1. Create passwords with a minimum of 12 characters, and be sure to include a mix of symbols (upper-case letters, numerals, punctuation, etc.)
2. Assign a different password for each of your accounts. OK, admittedly, this one is a little less easy. But the fact remains, if  you keep re-using the same “smart” password, you’ve automatically turned it into a dumb one. To keep track,
3. Use a password manager to organise your passwords, generate secure ones and log you automatically into your accounts on your own devices. (Check out a useful review of the options here.)