01/20/2015 12:20 EST | Updated 03/22/2015 05:59 EDT

25 worst passwords of 2014: Is yours on the leak list?

If your password is on the list below you had better change it.

The 25 most common passwords among 3.3 million that were leaked online last year were once again "123456" and "password," according to a company that provides password management software.

SplashData, based in Los Gatos, Calif., said the top two passwords this year were the same as in 2013. The company  has compiled the list annually since 2011.

New additions to the Top 25 for 2014 include: baseball, dragon, football, mustang, access, master, michael, superman, 696969 and batman.

Common passwords are much easier for cybercriminals to guess. That makes users vulnerable to having accounts such as email and online banking hijacked and their identities stolen.

Sensitive data such as passwords are often posted online by hackers who steal them during attacks on websites and corporate networks. This year, most of the passwords came from users in North America and Western Europe.

Based on its analysis, SplashData recommends that when crafting your password:

- Don't use keyboard patterns e.g. "qwertyuiop" from the top row of letters

- Don't use a favourite sport – baseball and football were both in the Top 10, with hockey, soccer and golf in the Top 100.

- Don't use your birthday or birth year. People in their early 20s seemed to be especially guilty of this, with the years 1989 to 1992 all in the top 100.

- Don't use common names – michael, jennifer, thomas, jordan, hunter, michelle, charlie, andrew and daniel were all in the Top 50.

Here's the entire list:

- 123456

- password

- 12345

- 12345678

- qwerty

- 1234567890

- 1234 

- baseball

- dragon 

- football

- 1234567 

- monkey 

- letmein 

- abc123 

- 111111 

- mustang

- access 

- shadow

- master 

- michael

- superman 

- 696969 

- 123123 

- batman 

- trustno1