By Jeanine Skowronski
Despite all of the data breaches and scams that have proliferated over the last few years, we sure love our bad passwords.
For the fifth year in a row, “123456” and “password” topped password manager provider SplashData’s annual “worst passwords” list. Its latest version was compiled from more than 2 million leaked passwords mostly held by users in North America and Western Europe during the year. New and notable entrants include “starwars,” “solo” and “princess” — undoubtedly tied to the massively successful debut of Star Wars: The Force Awakens this year.
Meanwhile, other repeat offenders were “dragon” (No. 16), “111111” (No. 14), and “letmein” (No. 19).
Of course, it wasn’t all bad news on the password front this year, as SplashData notes that websites and users were at least trying to be a bit more secure by lengthening their terrible passwords.
“For example, ‘1234567890’, ‘1qaz2wsx’ (first two columns of main keys on a standard keyboard), and ‘qwertyuiop’ (top row of keys on a standard keyboard) all appear in the top 25 list for the first time,” SplashData wrote in a press release, before pointing out that “they are each based on simple patterns that would be easily guessable by hackers.”
The top 10 worst passwords of 2015 are:
How to Set Strong Passwords
Strong passwords are important because they help keep hackers from getting into important accounts and/or getting a hold of sensitive personal information that can be used to steal your money or, worse, your identity. A strong password generally mixes letter, numbers and special characters, uses both upper- and lowercase letters and is at least 10 characters long. They also don’t include your name, birthdate, common words, simple pop culture references (ahem, The Force Awakens) or any information (like, say, the name of your dog or cat) that can be easily found on social media.
Remember, it’s also in your best interest to change passwords often and to refrain from using the same one across accounts. Plus, if you have any reason to believe your personal or payment information has been compromised, you should keep a close eye on your financial accounts and your credit report. You can do the latter by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your two free credit scores each month on Credit.com. Signs your identity has been stolen include a sudden drop in credit scores, mysterious lines of credit you’ve never opened and unfamiliar addresses.
This article originally appeared on Credit.com.