What’s your online banking password? I bet I can guess. Is it “123456?” No? How about “dragon?” I got it, didn’t I? You should really change your password.

Password management app company SplashData has released its annual list of the 25 most common passwords found online, a designation that makes them the “Worst Passwords” of 2014. Having one of these easily guessable codes leaves your information more vulnerable than that of people who put a little more thought into it.

This is SplashData’s fourth annual report, compiled from more than 3.3 million leaked passwords during the past year. “123456”and “password” hold the top two spots, where they have sat since the inaugural 2011 ranking (though I think they have switched places with each other). Other passwords in the top 10 include “1234,” “12345,” “12345678,” and “1234567890.”

Ingenious! They’ll never crack that code.

According to a press release, passwords appearing for the first time on SplashData’s list include “696969” and “batman,” while “iloveyou” is one of nine passwords from 2013 to fall off this year.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.” (Don’t use “qwertyuiop.”)

You think you can cheat those annoying rules of companies who feel they have to take it upon themselves to create those annoying guideline – Your password must be 12 digits long, contain letters and numbers, plus one capital letter, but not a capital city, plus punctuation, but no question marks, cannot contain your name or any personal information, cannot contain sequential letters or numbers, cannot contain three or more of the same characters in a row – but you’re only hurting yourself.

Other tips from SplashData include not using a favorite sport. “Baseball” and “football” are in the top 10, and “hockey,” “soccer” and “golfer” are in the top 100. Don’t use a favorite team either, as many beloved teams such as “yankees,” and “lakers” are also in the top 100. (Not sure about “bluejays.”) Don’t use your birthday or birth year, or just your name.

The list seems to suggest that people don’t always take the task of setting a password seriously. Nobody thinks identity theft or hacking is going to happen to them. But it can. You should be more careful.

Here are the top 25 “Worst Passwords of 2014”:

    1. 123456 (Unchanged from 2013)
    2. password (Unchanged)
    3. 12345 (Up 17)
    4. 12345678 (Down 1)
    5. qwerty (Down 1)
    6. 1234567890 (Unchanged)
    7. 1234 (Up 9)
    8. baseball (New)
    9. dragon (New)
    10. football (New)
    11. 1234567 (Down 4)
    12. monkey (Up 5)
    13. letmein (Up 1)
    14. abc123 (Down 9)
    15. 111111 (Down 8)
    16. mustang (New)
    17. access (New)
    18. shadow (Unchanged)
    19. master (New)
    20. michael (New)
    21. superman (New)
    22. 696969 (New)
    23. 123123 (Down 12)
    24. batman (New)
    25. trustno1 (Down 1)

See how this list compares to last year’s list here. And, for amusement purposes, here’s a video on the frustrations of changing your password.