By Melissa Locker
December 13, 2018

Everyone knows that internet security is important and the first line of defense is a strong password, but when every single website, online store, and app requires a password sometimes people get a little lazy. After all, who is going to hack the account you set up that website to get your dog’s face printed on socks or, say, your Marriott account? Well, maybe you’ll get lucky and no one will hack your account, but if you make your password too easy it just might end up on SplashData’s annual list of Worst Passwords of the Year.

They just released the eighth iteration made up after evaluating more than five million passwords leaked on the Internet, the company found that despite massive, headline-making data breaches, users continue using the same predictable, easily guessable passwords putting themselves at risk of being hacked and having their identities stolen. 2018 was the fifth consecutive year that “123456” and “password” retained their top two spots on the list while “donald” and “666666” were new additions.

If you are guilty of this, rest assured that you’re not alone. The Pentagon left the passwords on their weapons systems set to defaults and Kanye West had his passcode set to “00000”.

Here is SplashData’s full list of the top 25 worst passwords of 2018. If one of these looks familiar, change your password right now:

1 123456 (Rank unchanged from last year)
2 password (Unchanged)
3 123456789 (Up 3)
4 12345678 (Down 1)
5 12345 (Unchanged)
6 111111 (New)
7 1234567 (Up 1)
8 sunshine (New)
9 qwerty (Down 5)
10 iloveyou (Unchanged)
11 princess (New)
12 admin (Down 1)
13 welcome (Down 1)
14 666666 (New)
15 abc123 (Unchanged)
16 football (Down 7)
17 123123 (Unchanged)
18 monkey (Down 5)
19 654321 (New)
20 !@#$%^&* (New)
21 charlie (New)
22 aa123456 (New)
23 donald (New)
24 password1 (New)
25 qwerty123 (New)

Contact us at editors@time.com.

Read More From TIME

EDIT POST