The 25 Worst Passwords of 2012 and 2013

If any of your passwords are on this list, then shame on you -- 

and go change them now.

SplashData, which makes password management applications, has released its 2013 list of the 25 worst passwords based on files containing millions of stolen passwords posted online in the last year. “123456″ now tops “password,” which normally leads the round-up.

Here’s the full list:

123456

password

12345678

qwerty

abc123

123456789

111111

1234567

iloveyou

adobe123

123123

admin

1234567890

letmein

photoshop

1234

monkey

shadow

sunshine

12345

password1

princess

azerty

trustno1

000000

“123456″ and “123456789″ were a couple of the most popular passwords believed to belong to Adobe users, according to a list published by security consulting firm Stricture Consulting Group in Nov. 2013 after Adobe confirmed a customer data breach a month earlier. That would also explain why “adobe123″ is at number 10 and “photoshop” is at number 15 on SplashData’s 2013 list.

Morgan Slain, CEO of SplashData, said in a statement: “Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing.”

LIST: These Are the 25 Worst Passwords of 2012

If any of your passwords are on this list, then shame on you — and go change them now.

SplashData, which makes password-management applications, has released its annual Worst Passwords list compiled from common passwords that are posted by hackers. The top three — “password,” “123456″ and “12345678″ — have not changed since last year. New ones include “jesus,” “ninja,” “mustang,” “password1″ and “welcome.” Other passwords have moved up and down on the list.

The most surprising addition is probably “welcome.”

“That means people are not even changing default passwords,” SplashData CEO Morgan Slain tells TIME Tech. “It doesn’t take that much time to make a new password.”

You should have different passwords for all your accounts. To make it easier to remember them all, Slain suggests thinking about passwords as “passphrases.” For instance, use a phrase like “dog eats bone” and add underscores, dashes, hyphens and other punctuation marks to satisfy the special-character requirement: “dog_eats_bone!”

(MORE: Two-Minute Video: How to Create Strong Online Passwords)

Here’s the full list:

1. password

2, 123456

3. 12345678

4. abc123

5. qwerty

6. monkey

7. letmein

8. dragon

9. 111111

10. baseball

11. iloveyou

12. trustno1

13. 1234567

14. sunshine

15. master

16. 123123

17. welcome

18. shadow

19. ashley

20. football

21. jesus

22. michael

23. ninja

24. mustang

25. password1

If any of your passwords are on this list, then shame on you and go change them now.

How to Check If Your Accounts Have Been Hacked

Every few weeks brings another report of email and other personal account information being stolen from a major corporation. Last month a massive viral botnet was discovered stealing the info of over 2 million accounts from Facebook, Google and Yahoo. And the months before that, the details of a whopping 152 million accounts were stolen from Adobe. This may leave you wondering if one of your many accounts across the internet has been exposed, but how do you tell? There are a slew of sites out there that consolidate the publicly available details from all the major hacks and let you search to see if your email is among them. Some are more useful than others, and some may simply be fronts for email harvesting services, so you need to be careful which you use. Our favorite, haveibeenpwned.com, tells you whether your information has been stolen, where the hack occurred and which of your personal details were compromised (e.g., user name, password, password hints, etc.). So what do you do when you find one of your accounts has been compromised? It’s time to create a new password and I don’t mean your birthday, pet’s name or the word “password.” You need your password to be smart, but not so complex you forget it. Try for at least 8 characters (the longer the better), with a mixture of upper and lower-case letters, numbers and, if the site or service allows, special characters, such as “!,” “#” and “?.” It should be something you can remember easily. A long sentence works well when you take the first letter of each word and then substitute the vowels for numbers or symbols. For example: The quick brown fox jumped inside the orange box and slept = Tqbfj1t0b&s We also recommend creating a different password for every site and using a password manager program to keep track of them all. There are both browser password managers and app-based services. And remember that when it comes to setting up new passwords, it’s smart to lie when filling out password security questions. Most of the questions have answers that can be easily discovered by basic Google searches about you. You can never be too careful with your privacy on the Internet. For further steps you can take, check out our 11 Simple Ways To Protect Your Privacy.