According to researchers who reviewed over 10 million security codes that became public following data breaches, numeric combination of '123456' was the most common password of 2016, followed by '123456789' and 'qwerty'.
The study also revealed that four of the top 10 passwords on the list are six characters or shorter.
Passwords '12345678', '111111', '1234567890', '1234567', 'password', '123123', '987654321' were among the top ten list.
The study found that the list of most-frequently used passwords has changed little over the past few years, which means that user education has limits.
While it is important for users to be aware of risks, a sizeable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them, the company said.
Dictionary-based password crackers know how to look for sequential key variations. At best, it sets them back only a few seconds.
Email providers do not appear to be working all that hard to prevent the use of their services for spam, they added.