Millions of people around the world are leaving themselves vulnerable to hackers by choosing weak passwords, with one in every 142 picking '123456', according to an analysis of breached credentials.
While banks, retailers and others experiment with alternative security methods such as fingerprints and behavioural biometrics, passwords still dominate the online world.
And, despite more than a decade of efforts to encourage people to use strong passwords, the message still appears to have passed many by.
Ata Hakçıl, a Turkish computer engineering student has analysed more than a billion leaked credentials pulled from various data dumps.
The results show just under 169 million unique passwords, with the top 100 accounting for 6.6% of all billion-plus. The string '123456' accounts for more than seven million passwords, or 0.72% of all billion-plus.
Meanwhile, only 12% of the passwords contain special characters, while 29% only have letters, 26% are lowercase only, and 13% are numbers only. The average length of a password is 9.48 characters.