"123456" and "password", the two easily guessed terms, remain the worst passwords of the year, according to a list released by SplashData, a security applications and services provider, for five consecutive year, tech.sina.com.cn reported.

The list, based on an analysis of 5 million leaked passwords on the internet, compiles the most frequently used passwords of the year, which are thus easy to predict.

Data leak cases have not fallen this year, and there are still a large number of people using weak and easily predictable passwords on the internet, the report said.

Passwords on the top 100 worst passwords list include simple numbers or words, such as "111111", "sunshine", "princess", "666666" and "654321".

Common names like "daniel", "hannah" and "thomas" are also weak passwords. And "donald", first name of US President Donald Trump, for the first made the list this year, coming in at No 23.

"Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations," Morgan Slain, CEO of SplashData, said in a statement.

Slain said by publishing the list, the company aims to convince people to take steps to protect themselves online.

"It is a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year," he added.

It is estimated that nearly 10 percent of people have used at least one of the top 25 worst passwords on the list, with roughly 3 percent using the worst password, "123456," the company said.

The company suggests a password should have no less than 12 mixed characters and each account should have a different password.

The top 10 worst passwords on the list include: "123456", "password", "123456789", "12345678", "12345", "111111", "1234567", "sunshine", "qwerty" and "iloveyou".