The 2017 Verizon Data Breach Investigations Report (DBIR) cited compromised, weak and reused passwords as being the cause of 81% of hacking-related breaches. Two years later, things remain essentially unchanged, with the figure in the 2019 DBIR at 80%.

Despite repeated warnings from cybersecurity experts, people continue to reuse the same letter or number combination for all their accounts, says NordVPN, a personal virtual network provider and creator of the password manager NordPass.

“Most people prefer to use weak passwords rather than trying to remember long, complex ones,” said Chad Hammond, a digital security expert for NordPass. “It also usually means they use the same ones for all their accounts. And if one of them ends up in a breach, all other accounts get compromised, too.”

“2019 has seen the most data breaches in history, and those cyber incidents have affected billions of internet users,” Hammond said. “People struggle creating passwords, and this is one of the main reasons why users stick to the primitive ones.”

The U.K.’s National Cyber Security Center (NCSC) analyzed data from the Have I Been Pwned website and discovered that far and away the most commonly hacked password — used by 23.2 million of those hacked worldwide — was “123456.” Rounding out the top five were “123456789” — 50% longer, but obviously not 50% harder to crack— with 7.7 million users, “qwerty” with 3.8 million users, “password” with 3.6 million users and “1111111” with 3.1 million users.

“Passwords should help protect us instead of putting our privacy in danger,” said Hammond. “It is as important as ever that internet users step up their cybersecurity game.”

So what passwords should you avoid? And what else can you do to make sure your passwords are secure? Scroll through the gallery below to find out.