I’m the kind of person who uses the same passwords for pretty much everything. This makes me an idiot on two accounts (no pun intended). For one, it’s the equivalent of pinning a big digital sign that says: “Hey, please rob me”. For two, I’ve advertised this fact on a fairly well-read internet publication.

However, there is a reason I’m sharing this information and I’m not too scared about internet theft because I really don’t have much to steal. Either way, a study has revealed the top twenty-five passwords that were stolen in 2015 and the results might alarm you (cue cheesy 90s hacking montage).

People often complain about how much websites require from you when you make a new password. Not only does it need to be over eight characters on most sites but you’ll probably need upper and lowercase letters, a symbol, a strand of your hair, the name of your first-born and medical records… okay not that much but it can be excessive.

There is a really good reason for this. Contrary to your popular belief, people that steal passwords are probably a lot smarter than you. That’s at least what we have to assume after reading the list of the 25 most common. “qwerty”… come on?!

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. football

8. 1234

9. 1234567

10. baseball

11. welcome

12. 1234567890

13. abc123

14. 111111

15. 1qaz2wsx

16. dragon

17. master

18. monkey

19. letmein

20. login

21. princess

22. qwertyuiop

23. solo

24. passw0rd

25. starwars

A good rule of thumb (again, pun not intended) is to watch your hands as you type your password. If you’re obviously tracing a pattern or someone else watching can easily see what you’re typing, it’s probably easy to hack.

Professional Whistleblower and Joseph Gordon-Levitt look-a-like, Edward Snowdon recommends that people use pass codes instead of words or number combinations. Things like: “L00KIsTh3Best4evs” is a much stronger password than some memorable date.

Do the smart thing and change your password as often as you can…