When it comes to passwords, people are often disgracefully lazy.

How lazy?

In a study of 275 million passwords recently published by NordPass, over half of those passwords were found to not be unique.

The incredibly complex, character-varied, ingenious sequence of “123456” appeared over 2.5 million times in the database, and was breached over 23,597,311 times. (One has to ask, at that point, why even bother with the password?) The second most popular password “123456789,” which appeared 961,435 times, was breached 7,970,694 times.

Number three was the weak attempt at character-mixing that manifested as “picture1” while number four was the very clever “password.”

Seven of the top 10 passwords consisted solely of number strings. The ones that follow in the lineup are similarly head-shake-inducing, from entries like “11111” to the tasteful “f***you.”

You can check out the full list of the top 200 worst passwords here.

What does this tell us about online security?

While the list is amusing to read, it reveals a more troubling reality: that too many users don’t take their online security seriously. What is especially frustrating is that little effort would be required to ensure that these users had more secure passwords. A password is made more secure by increasing the number of characters, mixing the types of characters (numbers and letters, lowercase and uppercase), and adding symbols.

For those unable to keep track of multiple complex passwords, a great solution is to use a password manager, which will randomly generate complex passwords and store them for you so you only have to remember one password.