It’s that most wonderful time of the year. The air is freezing, leaves are long gone and SplashData has compiled its annual list of the most stolen passwords that were made public over the last year. With an entire keyboard of letters, numbers and symbols at the ready, you’d think people would be a bit more creative when it comes to protecting their private data. You’d also be very wrong.

This year’s list features a handful of newbies but, for the most part, it would appear we haven’t really learned our lesson. Per Gizmodo, here is top 25:

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 1)

5. 12345 (Down 2)

6. 123456789 (Unchanged)

7. football (Up 3)

8. 1234 (Down 1)

9. 1234567 (Up 2)

10. baseball (Down 2)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up 1)

14. 111111 (Up 1)

15. 1qaz2wsx (New)

16. dragon (Down 7)

17. master (Up 2)

18. monkey (Down 6)

19. letmein (Down 6)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

It’s probably a good idea to go change your password right now. And for goodness sake, make it something original.