Would you use the password 123456? It's hard to believe, but this actually tops the list of last year's most common passwords, being used by a staggering 17% of users. Other beauties in the top ten include 'qwerty', '11111' and 'password'.
More than half of people use one or more of the top 25.
As Keeper Security, which compiled the list, concludes: "a sizable minority are never going to take the time or effort to protect themselves."
Some people think they're being clever by picking, for example, '987654321' - but this is unlikely to do little to baffle any fraudsters.
"Dictionary-based password crackers know to look for sequential key variations," says Keeper. "At best, it sets them back only a few seconds."
The more random passwords on the list - 18atcskd2w, for example - are believed to have been use by bots, probably for posting spam on chat boards.
Whatever else you leave in your will - don't forget your passwords
If you're using any of these passwords yourself, it goes without saying that you should change it. But what should you change it to?
Best advice is to create a password with a mix of uppercase and lower case letters, along with numbers and typographical characters such as '&' or '+'.
One clever trick is to generate a password from a sentence you're sure to remember: 'my rent at home is £500 a month', for example, becomes 'mr@hi£500am', for example.
Don't use the same password across multiple sites: if one site is cracked by hackers, they'll try the same password on other accounts.
Don't keep changing your password, advises GCHQ
But there's some disagreement as to whether you should change your passwords regularly - something that used to be generally advised. Last year, security service GCHQ said it can be dangerous, because our memories simply aren't up to the job.
"The new password is... more likely to be written down, which represents another vulnerability," it says.
"New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords."
Of course, you can always use a password manager, such as Keeper's own.
Why are we still telling people our passwords?
The top 25 most common passwords of 1016