This is something of a different year-end list, and one you should probably take a peek at. For nearly a decade, digital security company Splash Data has released a list of their top 100 hackable passwords for the year. Although the list changes slightly from year to year, the most hackable passwords seem to stay pretty static. And yet people just don’t seem to learn! With a new year about to begin, there’s no better time than now to make sure your password is unhackable in the new year.

Using over 5 million hijacked passwords that were made public over the past 12 months, (except those stolen from adult websites and any swiped during the Yahoo hack), Splash Data hopes to get people thinking about internet security by releasing the list each year. But what passwords are on the list?

The top ten are actually really surprising, considering these are passwords no one should still be using. In 10th place, ‘iloveyou,’ followed by ‘football,’ ‘1234567’ and ‘letmein’ in spots nine, eight and seven (a new seventh place for this password). New in at number six is ‘123456789’ and fifth place sees 12345 which has dropped two spots. Fourth place sees ‘qwerty’ up two from 2016, and third place goes to ‘12345678.’ Second spot, unchanged from last year, is, shockingly, ‘password.’ And the number one most hackable password in 2017 is ‘123456’ — for the fourth year in a row.

If these passwords surprise you, or if your password is on this list, one of the best ways to make your password unhackable, is to use a three or four-word string. Even though many sites do ask for a symbol and a number, that should be going away as length, not complexity makes a strong password. Not quite a sentence, but some easy to remember words, in the right order is something very difficult for hackers and bots to figure out. Some strong examples of this are ‘dogcarapplegame’ or ‘robotlotionhappy.’

Obviously, when possible two-step authentification is the way to go when it comes to securing your stuff, but not all websites offer this service. And remember, that top 100 list that Splash Data put together has a lot of pop culture references on it, so avoid words that may have significant meaning to the times, like ‘dragon’ (GoT much?), ‘Jordan23’ or even sports team names.

Have you ever been hacked? Tell us @BritandCo!

(photo via Getty)