The top 50 passwords among 10 million leaked logins reveal a lot about what we can do to improve security on the Web. Is your password “123456”? Even if it’s not, keep reading.

A report by WP Engine from 2015 analyzes passwords gathered from the Web and shared openly for security research purposes. Based on frequency, WP Engine estimates that 16 out of 1,000 passwords could be guessed simply by using the top 10. 

“Unmasked: What 10 million passwords reveal about the people who choose them” describes the average length of passwords (8 characters), average strength (weak), and demonstrates how most people use passwords that are easy to crack because the words, numbers, or keyboard typing patterns they use are predictable.

Someone could access your email or other accounts simply by guessing your password. Or hackers may get hold of breached data from a service you use, and figure out how to reveal your password and try it across multiple other services. If you use the same password as thousands of others, you become an easier target for attackers.

Here’s the good news: Using a password manager, automatically generated passwords, and two factor authentication can really help keep your data safe. With unique, strong passwords, we easily improve our individual security and can even protect Internet-connected devices from global scale attacks that endanger Internet health.

The top 50 most commonly used passwords

The 50 most commonly used passwords

Data source: Unmasked: What 10 million passwords reveal about the people who choose them, WP Engine, 2015