SplashData, a Password management firm, has released its annual list of the 25 most common passwords found on the Internet. The company, which analyzed the more than 3 million passwords leaked online last year, announced that the most common leaked password in 2014 was “123456,” followed by “password” — both has kept the first and second place for another year. Nine of the top 25 worst passwords contained only numbers, from variations on “123456” to “111111”.

Other popular password combinations included “qwerty” is at 5th place; “dragon” in 9th and “monkey” is at 13th. Furthermore, the film industry has had influence this year, with two new comic-themed characters like “superman” and “batman”.

Number sequences common offenders always rank highly on “worst password” lists. However, sports terms like “baseball” and “football” were used more often, as well as words related to favorite sports teams — “yankees,” “eagles,” “steelers,” “rangers” and “lakers” all made the top 100.

Birthday years were common too especially just your birth year like 1989, 1990, 1991, and 1992 and names like “Michael,” “Jennifer,” “Michelle” and “Hunter” are also among the top 100 worst passwords of 2014.

Here’s a look at the top 25 worst passwords of 2014. If yours is included, seriously think about making a change.

1. 123456 (Unchanged from 2013) 2. password (Unchanged) 3. 12345 (Up 17) 4. 12345678 (Down 1) 5. qwerty (Down 1) 6. 234567890 (Unchanged) 7. 1234 (Up 9) 8. baseball (New) 9. dragon (New) 10. football (New) 11. 1234567 (Down 4) 12. monkey (Up 5) 13. letmein (Up 1) 14. abc123 (Down 9) 15. 111111 (Down 8) 16. mustang (New) 17. access (New) 18. shadow (Unchanged) 19. master (New) 20. michael (New) 21. superman (New) 22. 696969 (New) 23. 123123 (Down 12) 24. batman (New) 25. trustno1 (Down 1)

Mark Burnett, online security expert and author of “Perfect Passwords”, who has participated on the list with SplashData. “The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” Burnett said. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

Companies like Facebook, Twitter, Gmail, and Apple are now trying to make hacking more difficult on their services by offering two-factor authentication. Whenever you want to log into that account, they will send a code to your phone. The code will change for each login attempt. Hence hackers would have to be in physical possession of your smartphone to know the code.

Additionally, SplashData advises its customers to do at least one of three things when it comes to password protection:

1. Passwords should be more than eight characters long and you should avoid words with personal information, like your birthday and favorite color. 2. Try not to use the same username and password combination for multiple sites. 3. Use a “password manager” which creates unique passwords for its users.