Exactly one year ago today, SplashData revealed its third annual list of the top 25 worst passwords found on the Internet. Unsurprisingly, things really didn’t change all that much in 2014 as people continue to use weak passwords despite the consequences.

SplashData compiled its list from more than 3.3 million leaked passwords during the year, most of which were held by people in North American and Western Europe. As we’ve seen in past years’ lists, simple numerical passwords remain common with nine of the top 25 passwords on the list comprised of numbers only.

Perhaps worst of all, however, is the fact that the top two spots remain unchanged from last year. Either way, here’s the complete list of the top 25 worst passwords for 2014.

1    123456 (Unchanged from 2013) 
2    password (Unchanged) 
3    12345 (Up 17) 
4    12345678 (Down 1) 
5    qwerty (Down 1) 
6    1234567890 (Unchanged) 
7    1234 (Up 9) 
8    baseball (New) 
9    dragon (New) 
10    football (New) 
11    1234567 (Down 4) 
12    monkey (Up 5) 
13    letmein (Up 1) 
14    abc123 (Down 9) 
15    111111 (Down 8) 
16    mustang (New) 
17    access (New) 
18    shadow (Unchanged) 
19    master (New) 
20    michael (New) 
21    superman (New) 
22    696969 (New) 
23    123123 (Down 12) 
24    batman (New) 

Although the advice will likely fall on deaf ears, SplashData offers three simple tips to help protect users online.

For starters, it’s best to utilize passwords of eight characters or more with mixed types of characters. What’s more, SplashData urges users to avoid using the same username / password combination for multiple websites and last but not least, the use of a password manager like 1Password or LastPass is a good idea.