When it comes to passwords, some people just don’t understand that they should be something that takes a little bit of effort to guess, and isn’t just the first six or eight numbers you can prattle off. And yet, the worst passwords of the year indicate some people still haven’t learned.

The year 2014 may be over, but we’re still learning some things about it, like the sort of passwords people use, and just how bad they can be.

Security company SplashData this week released its list of terrible passwords that are used by people around the world, and if you’ve ever been afraid of just how secure — or insecure — your password is, you better make sure it’s not on this list.

Because it’s a list that starts with what has to be one of the worst passwords in use ever, and that is “123456”.

Unbelievably, this is the same password that led the list in 2011 when SplashData reported the worst passwords back then too, and it’s still sitting at the top, alongside that of “password”.

These two passwords are joined by ever imaginative variations on a theme, such as “1234”, “12345”, “1234567”, “12345678” and “123456789”. Seriously. We couldn’t make this up if we tried.

Also joining the numerical sequences that are some arbitrary terms that are likely easy to remember — “football”, “dragon”, “monkey” — as well as a password made out of frustration with “letmein” and one that every English-speaking keyboard on the planet can do without trying, “qwerty”.

Superheroes are also popular options, with “superman” and “batman” now ranked as bad passwords this year.

We shouldn’t have to say this, but these are not secure passwords, and if you have something in this article as your password, you really owe it to yourself and your data to change it quickly.

Fortunately and timely, AVG has chimed in this week with some password tips in case you are struggling to come up with something stronger than “12345678910” which wasn’t listed here, but we seriously hope you’re not considering right now.

According to AVG’s Security Advisor, Michael McKinnon, one method to succeed at password security is to pick three random words that together total 12 or more letters — such as apple muscle truck — then add some symbols, numbers, or capital letters — so now we have 1AppleMuscleTruck! — and then depending on the site you’re at, add a different letter combination based on the site you’re logging in at.

For instance, if you login at Facebook, the password might be “1AppleMuscleTruck!Face”, while Twitter could manage “1AppleMuscleTruck!T”, and so on and so on.

You might be wondering why we have different passwords on a site-by-site basis? Quite simply, it comes from the possibility of having the passwords leaked, because if they are, you’d probably prefer to change one password for that specific website, rather than the same password at every website.

It’s really important to have a different password for everything,” said McKinnon. “We live in a connected world now so you need to isolate the risk between all the different services you use to ensure that if one is compromised, the others remain secure. We can no longer trust the security of our passwords to a third party, as they can be hacked.”