Most people know that “password” or “[insert your last name]1234″ aren’t the best choices for passwords, but how many of you have exactly that for the slew of sites that require you to register a username and password?

According to SplashData’s annual list of worst Internet passwords of the year, “password” is ranked #1.

Mashable has more on the list, which SplashData creates from stolen passwords posted online by hackers:

The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.

Here’s the full list in ranking order:

1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

What should you do if your password is on this list? Experts say: Change it now. Mashable reports SplashData CEO Morgan Slain as saying hackers will try to break into accounts first by using common passwords. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft,” Slain said.

Gizmodo reports that the list is fairly similar to previous years, so the common passwords hackers try haven’t changed that much.