The top 50 passwords among 10 million leaked logins reveal a lot about what we can do to improve security on the Web. Is your password “123456”? Even if it’s not, keep reading.
A report by WP Engine from 2015 analyzes passwords gathered from the Web and shared openly for security research purposes. Based on frequency, WP Engine estimates that 16 out of 1,000 passwords could be guessed simply by using the top 10. 
“Unmasked: What 10 million passwords reveal about the people who choose them” describes the average length of passwords (8 characters), average strength (weak), and demonstrates how most people use passwords that are easy to crack because the words, numbers, or keyboard typing patterns they use are predictable.
Someone could access your email or other accounts simply by guessing your password. Or hackers may get hold of breached data from a service you use, and figure out how to reveal your password and try it across multiple other services. If you use the same password as thousands of others, you become an easier target for attackers.
Here’s the good news: Using a password manager, automatically generated passwords, and two factor authentication can really help keep your data safe. With unique, strong passwords, we easily improve our individual security and can even protect Internet-connected devices from global scale attacks that endanger Internet health.
The top 50 most commonly used passwords 

50 Most Common and Easy Passwords that You Should Avoid

When it comes to providing passwords online, many users want to have a “one password fits all” for ease and convenience not really knowing that this could spell disaster.
The funny thing is most people do not bother deliberately creating their passwords, but rather just go with lame passwords that even a 2 year old kid can guess. Little did they know that their passwords belong to the “universal passwords” that a amateur hackers happen to have a list of.
When the lame passwords meet the virtual goons of the internet, they can create havoc in the users’ life. To avoid experiencing the “sad plight” of many internet users who have been hacked, make sure you generate very strong random password or use passphrase.

Here are the Top 50 most common passwords you should avoid.
  1. Password that are same as username.
  2. Personal information as password ( name, city, birthday, family member names)
  3. welcome
  4. qwert
  5. abc123
  6. password
  7. password1
  8. iloveyou
  9. princess
  10. 123456
  11. 12345
  12. 123456789
  13. Password123
  14. 12345678
  15. 696969
  16. 111111
  17. F*****
  18. 6969
  19. Iwantyou
  20. Babygirl
  21. 654321
  22. A******
  23. 666666
  24. 121212
  25. ZZZZZZ
  26. Ferrari
  27. S*****
  28. H*******
  29. Maddog
  30. Booboo
  31. B*****
  32. Hooters
  33. Tomcat
  34. Badboy
  35. Booger
  36. Matrix
  37. Bigdaddy
  38. P******
  39. 232323
  40. 4444
  41. 00000
  42. Booty
  43. 112233
  44. Rosebud
  45. Blonde
  46. Tester
  47. 123123
  48. Mustang
  49. Cowboy
  50. changeme
Looking at the list above would probably elicit a laugh or two, but it is definitely no laughing matter when one day you wake up and find that your account has been hacked.
Even if you think that your passwords are completely un-guessable, repeating the same password on multiple websites can still post a risk. Besides, with a gazillion of internet users all over the world, the likelihood that your favorite password might also be a favorite of hundreds of other users is possible. As a rule of thumb, be creative when creating your passwords.
As per Google recommendations, do not use any words from the dictionary. You should also have a different password for each website. If you have memory issues, you can install free password manager software. Avoid the use of keyboard patterns and sequential numbers. To make your password more unique, include special characters and numbers. You can probably include punctuation marks and number, or a mixture of capital letters and lowercase numbers. With the virtual criminals on the loose, you cannot afford to make a mistake that can be avoided.
If you feel like your password is weak, or worse, one of the common passwords above, go and change it NOW before it’s too late!

Data source: Unmasked: What 10 million passwords reveal about the people who choose them, WP Engine, 2015