The most popular passwords in 2014 were also the most obvious —leading security experts to once again urge people to change their passwords.

As with 2013, variations on passwords like 123456 continue to be the most popular passwords. Other obvious choices such as “password” and “qwerty” are also in the top five.

But other new (if still easily guessable) passwords have made the list, including “696969” and “batman”.

The data is compiled from leaked passwords in 2014, by password company SplashData. The passwords used were mostly from North American and Western European leaks — a large batch of leaked passwords from Russian accounts were excluded from the list, for example.

SplashData recommends using passwords of eight characters or more, with mixed types of characters such as numbers or special letters. It also suggests not using the same username and password on multiple websites — a process that can be helped out with automatic password management programs like Dashlane, LastPass, or SplashID itself.

The full list of the worst passwords is:

1 123456 (Unchanged from 2013)

2 password (Unchanged)

3 12345 (Up 17)

4 12345678 (Down 1)

5 qwerty (Down 1)

6 1234567890 (Unchanged)

7 1234 (Up 9)

8 baseball (New)

9 dragon (New)

10 football (New)

11 1234567 (Down 4)

12 monkey (Up 5)

13 letmein (Up 1)

14 abc123 (Down 9)

15 111111 (Down 8)

16 mustang (New)

17 access (New)

18 shadow (Unchanged)

19 master (New)

20 michael (New)

21 superman (New)

22 696969 (New)

23 123123 (Down 12)

24 batman (New)