Seems like ‘monkey’ is still popular.
Worst Passwords of 2012 — and How to Fix Them
http://splashdata.com/press/PR121023.htm
My favorite approach is using multifactor authentication w/LastPass , application-specific passwords, and not even knowing your passwords, but here’s an approach from Steve Gibson (counter argument here).