With how much you probably hear about password security, it's easy to drown out the advice and continue on with your old habits. But weak passwords are such a common problem and open you up to so many vulnerabilities that it's vital to take them seriously.

Protecting your accounts with weak passwords is like leaving all your doors unlocked. Just because you've never been robbed before doesn't mean it's safe to abandon the protection that locks offer.

Let's look at some of the most common password mistakes that you must avoid to keep yourself safe online.

The World's Most Common Passwords

Each year, security companies publish data on the most common passwords. They get this information from data breaches, allowing them to see what would otherwise be private information.

The exact rankings of the passwords change every year, but in lists of the most common passwords (such as the one on Wikipedia), these are always some of the most popular:

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 111111
  6. 123123
  7. qwerty
  8. abc123
  9. iloveyou
  10. admin

Clearly, these passwords are all atrocious. Using them is as good as having no password at all. Anyone trying to break into an account is going to try simple passwords like this right away—since they're the most common, it makes sense.

However, if you think you're safe just because your password isn't on that list, don't get too comfortable. These passwords are bad because they illustrate characteristics of easily hacked passwords, and it's possible that your own password does too.

Below are specific explanations of weak password trends and why they pose such a problem.

1. The Obvious Password

Many of the most common passwords are variations of consecutive numbers. Passwords like 123456 and even the longer 1234567890 offer no security. We can assume that people use passwords like this because they are super easy to type. All it takes is running your fingers from left to right across the number row.

This also applies to passwords like qwerty and qwertyuiop. They aren't random strings of characters—they're a row of keys on the keyboard that everyone knows.

Remember that while a password can be memorable to you, passwords should not be easy. A lot of people forget this, and don't think about the fact that using an obvious password you came up with in five seconds is not going to protect your account.

Common passwords like these don't even require a potential hacker to run cracking software or steal your password from a breach. If someone could try the top 50 passwords manually and break into your account, you have a weak password.

2. The Default Password

It's astounding that password is as widely used as it is. A lot of devices, such as wireless routers, come with that as the default password. However, most of these devices also include warnings that you need to change the default password to something more secure once you've logged in.

Unsurprisingly, a lot of people are lazy and either refuse or forget to change default passwords. It takes little effort to break into someone's Wi-Fi network if they use the default password. There are entire websites devoted to cataloging the default passwords for various router models, which are freely accessible for anyone to view.

So whenever you get a new device or account and you're given a default username and password (such as admin/password), do yourself a favor and change it immediately. Default passwords are like a rusted-out lock that someone can just pull off your gate.

3. The Short Password

One of the most important aspects of a strong password is its length. Every additional character—whether it's a letter, number, or symbol—expands the possibility space and makes your password exponentially harder to crack.

Think about it like this: if someone had a one-character password and you had unlimited attempts to crack it, it would probably only take you a few minutes to try every option on your keyboard. Increase that to a two-character password, and now you have to deal with figuring out both characters. And because there are thousands of combinations, it would take you much longer to crack the password by hand.

This scales to advanced password cracking. Someone who has software to brute-force a password (by trying every possible combination) would be able to break a short password of six or eight characters pretty quickly. However, for a password that's 16 characters or longer, it would take much longer to cycle through every possible combination.

Whenever possible, make your passwords long. Aim for a minimum of 12 characters, using more if possible. This will deter brute-force attacks.

4. The Password With No Numbers or Symbols

Password length isn't the only important factor in how strong it is. Adding in both uppercase and lowercase letters, as well as numbers and symbols, lets you maximize the number of possible choices for each character in your password.

If you only use lowercase letters, you have 26 possible choices per character. With an eight-character password, that's 26^8 (about 208.8 billion) possible combinations.

However, if you use uppercase letters, lowercase letters, and numbers, there are now 62 possible choices per character. With the same eight-character password, those 62 characters provide 62^8 (about 218.3 trillion) possibilities.

That's a colossal difference, and doesn't even take the dozens of available symbols into account!

None of the most common passwords have any symbols in them, which is not a coincidence. Use a healthy mix of character types, and your password will be very difficult to crack with brute force alone. If you need help, use a tool like Security.org's password strength checker to see how long it would take a computer to crack your password.

5. The "L33T SP34K" Password

When you add numbers and symbols into your password, there's a caveat you need to know about. If your password contains complete words, never make simple letter-to-number or letter-to-symbol substitutions for individual characters.

For example, if your password is cableCABLE, don't replace the a with @, the l with 1, the A with 4, and the E with 3. You might think the resulting password (c@b1eC4BL3) is a lot stronger than the original, but there's a good chance it isn't.

People who work to break passwords know that people like doing this, so if someone tries to break into your accounts, they're going to try all these substitutions anyway. This reinforces the idea that you should strive to make your password topology (meaning the pattern that your password uses) as random as possible.

For instance, a common password topology for an eight-character password would be an uppercase letter, followed by five lowercase letters, and finally two digits. The password Daniel87 falls under this common topology. While it's still not particularly strong since it uses a name, switching this to dan8iEl7 would be better, as it's not a predictable topology.

6. The "Personal Info" Password

So far, we've mostly focused on how to protect your password from people cracking it. However, another common way that passwords are compromised is from somebody guessing them.

As such, whenever you're coming up with a new password, never include any personal details. A good password should have no relation to you whatsoever. A lot of people use a password that includes basic info about them like their year of birth, pet's name, or something they enjoy.

This makes guessing your password much easier for people who know you (or find you on social media). Think about how much info you've shared about yourself online, and you'll definitely want to reconsider using these widespread details as the protection for your online accounts.

7. The Pattern Password

While they might look complex at first glance, passwords that use a pattern of keys on the keyboard aren't really strong at all. You should never resort to an overly simplistic pattern, like 1qaz2wsx, 123qweasd, or similar. There's no randomness to these passwords, making them another easy choice when someone is trying to guess yours.

However, you can still use patterns to your advantage. With muscle memory, it's possible over time to memorize long, unwieldy passwords that are otherwise nonsensical. Just make sure they're totally made up and don't have an obvious pattern on the keyboard.

This advice is more important in situations that require a PIN made up of only digits. Whether you're protecting your smartphone's lock screen or setting protection for an ATM, don't use basic patterns such as 1379 (the four corners) or 2580 (right down the middle column).

A four-digit PIN only has 10,000 possible combinations, so you should opt for a longer number if possible. But in any case, don't use an obviously identifiable pattern for any kind of secure combination.
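
The weaknesses described in sections 1, 5 and 7 (common passwords, letter-to-symbol swaps, predictable topology and keyboard patterns) can be checked mechanically when a password is chosen. The Python checker below is an added example, not part of the original article; the word list, walk list, substitution table and the names `topology` and `weaknesses` are assumptions made for illustration.

```python
import re

# Constructed sample data: the ten passwords listed in this article and a tiny
# word list. A real check would load a breach corpus and a full dictionary.
COMMON = {"123456", "123456789", "picture1", "password", "111111",
          "123123", "qwerty", "abc123", "iloveyou", "admin"}
WORDS = {"cable", "password", "daniel", "admin"}
# Keyboard rows, diagonal walks and keypad shapes named in the article.
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz2wsx3edc", "123qweasd", "1379", "2580"]
# Assumed substitution table: undo the usual symbol-for-letter swaps.
LEET = str.maketrans("@4310$57", "aaelosst")


def topology(pw):
    """Map each character to its class: u(pper), l(ower), d(igit), s(ymbol)."""
    return "".join("u" if c.isupper() else "l" if c.islower()
                   else "d" if c.isdigit() else "s" for c in pw)


def weaknesses(pw, min_len=12):
    """Return the article's weakness categories that apply to pw."""
    found, low = [], pw.lower()
    if low in COMMON:
        found.append("common")
    if len(pw) < min_len:
        found.append("short")
    # Whole password is one repeated key or a slice of a known walk.
    if low and (len(set(low)) == 1
                or any(low in w or low in w[::-1] for w in WALKS)):
        found.append("keyboard-pattern")
    plain = low.translate(LEET)
    if any(w in low for w in WORDS):
        found.append("dictionary-word")
    elif any(w in plain for w in WORDS):
        found.append("leet-word")  # a word appears once swaps are undone
    # Capitalised-or-lowercase word, then digits, then an optional symbol.
    if re.fullmatch(r"u?l+d+s?", topology(pw)):
        found.append("common-topology")
    return found


if __name__ == "__main__":
    for sample in ["123456", "c@b1eC4BL3", "Daniel87", "dan8iEl7", "1qaz2wsx"]:
        print(f"{sample:12} {weaknesses(sample)}")
```

Note that dan8iEl7 clears the word and topology checks but is still reported as short, since it has only eight characters against the 12-character minimum recommended above.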

Use a Password Manager for Best Results

It's difficult to follow all of these rules for every account you need to protect online. This is especially true when another common password problem is using the same password across multiple accounts. If someone figures out your password to one site, they're going to try it everywhere else with your email address.

The best solution is to start using a password manager. These apps allow you to generate completely random passwords that are as long as you like, and lock them in a vault that opens with your one master password. Make that master password strong, and it's the only one you need to remember.

This takes away the worries of coming up with strong but memorable passwords on your own.

Passwords Are Vital for Your Online Safety

By looking at the most common issues with weak passwords, you can improve your own password hygiene. Avoid making the mistakes that lead to people's passwords being compromised to help protect yourself from the same fate.

And while password security is important, even the strongest password won't protect your account if it gets exposed in a breach. That's why we recommend using two-factor authentication everywhere it's available for another layer of defense.