It’s that time of year again when the annual list of worst passwords is released and we see that we have learned nothing from our mistakes. This year’s list features the usual suspects, like “password” at number two and “123456” at number one for the fifth year in a row, but in an upsetting turn of events, “donald” makes its debut on the list this year, at number 23.

The rankings come from SplashData, the company behind password management software like SplashID. SplashData analyzed more than 5 million passwords leaked on the internet and found that people are still using easily guessable passwords.

SplashData CEO Morgan Slain calls it “a real head-scratcher” that people continue putting themselves at risk, despite frequent news of highly publicized hacks like Marriott’s recent database breach and the National Republican Congressional Committee hacks during the midterm elections. People are doing exactly what they’re not supposed to do, like using their own names or celebrity names (like the president of the United States) as predictable passwords.

“Donald” sits between two other newcomers to the list, “aa123456” and “password1”. Here’s SplashData’s top 10 worst passwords, which the company desperately hopes will convince people to please change their passwords.

123456 password 123456789 12345678 12345 111111 1234567 sunshine qwerty iloveyou

You can view the rest of the 100 worst passwords here, and if you haven’t already set up a password manager yet, here’s a how-to guide.