Stop using these 25 passwords today

analysis
Nov 22, 2011

Organizations need to steer users away from common, weak passwords, including such standbys as '123456' and seemingly random names

If you think you’re outsmarting potential hackers by using a random noun such as “monkey” or “shadow” as your password or a name such as “bailey” or “ashley,” think again. All four rank up there with old favorites such as “123456” or “qwerty” among the top 25 most commonly used passwords of 2011, according to security and search application vendor SplashData. Swapping out the “o” in “password” for a zero won’t protect you from a hacker’s password-cracking tools, either.

Left to their own devices, too many users still can’t resist the allure of using dangerously simple passwords, such as strings of sequential numbers (“123456” or “654321”), series of letters that sit side by side on keyboards (“qwerty” and “qazwsx”), or passwords that demonstrate little to no imagination (“password” and “111111”). Other users evidently attempt to avoid overly common words or strings of numbers and letters in favor of proper names, types of animals, interests, or short sentences. Alas, many users think alike, so an abundance of them rely on passwords such as “michael,” “monkey,” “baseball,” and “iloveyou,” all of which reside on SplashData’s top 25 list.

The complete list, which SplashData compiled from files containing millions of stolen passwords posted online by hackers, is as follows:

  • password
  • 123456
  • 12345678
  • qwerty
  • abc123
  • monkey
  • 1234567
  • letmein
  • trustno1
  • dragon
  • baseball
  • 111111
  • iloveyou
  • master
  • sunshine
  • ashley
  • bailey
  • passw0rd
  • shadow
  • 123123
  • 654321
  • superman
  • qazwsx
  • michael
  • football

Given how much havoc a malicious hacker can wreak after getting a single user’s login information (especially if the user happens to have elevated privileges on a corporate network), SplashData’s list should serve as a keen reminder to IT admins of the importance of strong password policies. Per InfoWorld Security Adviser Roger A. Grimes, not even a complex six- to eight-character password — that is, one composed of letters, numbers, and special characters — will suffice in today’s increasingly penetrable cyber world.

One of the challenges of complex passwords is remembering them, which explains at least part of why so many users gravitate toward simple strings. Security experts recommend a handful of password-creation strategies that make the task easier and that admins can pass on to users.

For example, users could combine phone numbers and street names from their past into a single password, swapping in special characters and capital letters for good measure. If your childhood phone number was 987-3671 and you lived on Westhaven, you could come up with a password such as 987wEst+havEn3671.

Beyond requiring strong passwords, organizations and users also need to cut down on password reuse — that is, using the exact same password for different personal and work accounts.

One other point: Developers who have dragged their feet in encouraging or at least allowing users to employ complex passwords should reconsider and recode, as necessary. Users, whether customers or employees, may not be immediately thrilled with having to think of a password that’s harder to remember than “111111.” In the long run, it’s better for the user and your organization if you have strong passwords protecting your apps.
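As an added example of the kind of screening a developer could build in (this is not InfoWorld's or SplashData's code), the following Python check rejects the 25 entries above, undoes the usual digit-for-letter swaps so that variants of "passw0rd" are caught, and flags keyboard and numeric runs such as "qwerty" and "654321"; the 12-character minimum is an assumed policy value, not one the article states.

```python
"""Added example: server-side password screening based on the article's
list and patterns (not InfoWorld's or SplashData's code)."""
import re

# SplashData's top-25 list as printed in the article, kept lowercase.
TOP_25 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Undo the usual digit/symbol-for-letter swaps so "p4ssw0rd" is seen as "password".
LEET = str.maketrans("013457@$!", "oieastasi")

# Keyboard rows, the number line and the alphabet: sources of side-by-side sequences.
SEQUENCES = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz")

def sequence_run(pw: str, n: int = 4) -> bool:
    """True if pw contains n or more adjacent keys or letters in either direction."""
    for seq in SEQUENCES:
        for i in range(len(pw) - n + 1):
            chunk = pw[i:i + n]
            if chunk in seq or chunk in seq[::-1]:
                return True
    return False

def check_password(pw: str, min_len: int = 12) -> list:
    """Return the policy violations found; an empty list means the password passes.
    The 12-character minimum is an assumed policy value, not from the article."""
    low = pw.lower()
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if low in TOP_25 or low.translate(LEET) in TOP_25:
        problems.append("on the common-password denylist")
    if sequence_run(low):
        problems.append("contains a keyboard, numeric or alphabetic sequence")
    if re.search(r"(.)\1{2,}", low):
        problems.append("repeats one character three or more times")
    if len(low) > 1 and re.fullmatch(r"(.{1,4})\1+", low):
        problems.append("is a short block repeated (like 123123)")
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd", "987wEst+havEn3671"):
        print(candidate, "->", check_password(candidate) or ["ok"])
```

The article's own sample, 987wEst+havEn3671, passes every check, while "P@ssw0rd" is rejected even though it is not literally on the list.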

This article, “Stop using these 25 passwords today,” was originally published at InfoWorld.com.