Despite a number of major data breaches over the last few months - including the iCloud hack and PlayStation and Xbox leaks - web users are still using ridiculously weak passwords for online accounts.
The most popular passwords on the web in 2014 were '123456' and 'password'.
People who use such weak, easy-to-guess passwords are putting themselves at risk.
The list of the most common passwords was compiled by SplashData and based on 3.3 million passwords that were leaked during 2014.
Other passwords to appear in the top 10 include 'qwerty', 'dragon' and 'football'.
"Any password using numbers alone should be avoided, especially sequences," said Morgan Slain, CEO of SplashData.
"As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure."
More passwords to avoid include your birthday or birth year, your favourite sport or sports team, and your children’s names. Many of these could be found in the top 100 passwords, as well as swear words, athletes, car brands and film titles.
Thankfully, although these passwords were the most common in 2014, they represented just 2.2% of the passwords that have been exposed. That means that most people are paying more attention to their data security.
Here's a full list of the top12. If you have one of these passwords for any important accounts, you should definitely change them.
123456
password
football
12345678
qwerty
1234567890
letmein
baseball
dragon
monkey
abc123