The three worst passwords haven’t changed since 2011; they’re password, 123456 and 12345678. The new worst passwords added to this year’s list include welcome, jesus, ninja, mustang and password1. Use security phrases with at least eight characters while utilizing a variety of characters within the phrase. Also use multiple passwords across different types of sites, which is another bad practice, especially when mixing, say, entertainment and social networking sites with financial services. Use strong passwords to avoid using the same password for multiple sites.
Source: https://thehackernews.com/2012/10/worst-password-of-2012-how-much-secure.html