These are the 25 worst passwords of 2018. Are you the 1 in 10 who’s used one?

It’s more likely that you’ve used a horrible, easily hackable password than you might hope.

Nearly 10 percent of people have relied on at least one of the 25 most shamefully guessable passwords on SplashData’s list of the worst used in 2018, which the Los Gatos, California, password management company has compiled for eight years. Almost 3 percent of people have used the password “123456,” which again reigns supreme as the No. 1 worst password.

The list is based on more than 5 million leaked passwords, though passwords from adult website hacks were excluded, SplashData said. Most of the leaked passwords were from Europeans or North Americans.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” Morgan Slain, CEO of SplashData, Inc., said in a statement. “It’s a real head-scratcher that with all the risks known ... that people continue putting themselves at such risk year-after-year.”

Having strong passwords — and different ones on different platforms — is more important than ever, particularly in light of huge data breaches at companies like Twitter. But a study earlier this year found that people don’t always take appropriate precautions after their passwords leak — and “still reuse the already-leaked passwords for other online services for years after the initial data breach.”

Newcomers to the 2018 worst passwords list include “donald,” “princess,” “sunshine,” “111111,” “666666,” and “password1.” But plenty of crowd favorites from previous years remain on this year’s ranking, including “password” — again coming in at No. 2 — “123456789,” “qwerty,” “iloveyou,” “welcome,” “football” and “monkey.”

Using any of those easily guessable passwords makes it more likely for users to get hacked and have their identities stolen, according to the company.

Slain explained what makes some passwords particularly weak.

“Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations,” he said.

So how do you build a better password? SplashData offers a few tips, including using strings of 12 characters or more with different sorts of characters, and using a different password for different platforms and applications.

Here’s the full top 25 list from SplashData, along with the rank last year:

1. “123456 (Rank unchanged from last year)”
2. “password (Unchanged)”
3. “123456789 (Up 3)”
4. “12345678 (Down 1)”
5. “12345 (Unchanged)”
6. “111111 (New)”
7. “1234567 (Up 1)”
8. “sunshine (New)”
9. “qwerty (Down 5)”
10. “iloveyou (Unchanged)”
11. “princess (New)”
12. “admin (Down 1)”
13. “welcome (Down 1)”
14. “666666 (New)”
15. “abc123 (Unchanged)”
16. “football (Down 7)”
17. “123123 (Unchanged)”
18. “monkey (Down 5)”
19. “654321 (New)”
20. “!@#$%^&* (New)”
21. “charlie (New)”
22. “aa123456 (New)”
23. “donald (New)”
24. “password1 (New)”
25. “qwerty123 (New)”

This story was originally published December 13, 2018 at 5:48 PM with the headline "These are the 25 worst passwords of 2018. Are you the 1 in 10 who’s used one?."