The concept behind creating a password is simple: A unique, uncommon string of characters known only by the owner that’s difficult to guess but also easy to remember. “HorsePhone43,” for example, would be a very good password. Difficult to guess because of the nonsensical word combination, but not terribly difficult to remember. According to SplashData, though, not many people choose “HorsePhone43” as their password. Instead, “123456” tops their list of the 25 most common (and therefore worst) passwords on the internet. Behold, the full list, with changes in position from last year:

1) 123456 (Up 1 from 2012)
2) password (Down 1)
3) 12345678 (Unchanged)
4) qwerty (Up 1)
5) abc123 (Down 1)
6) 123456789 (New)
7.)111111 (Up 2)
8) 1234567 (Up 5)
9) iloveyou (Up 2)
10) adobe123 (New)
11) 123123 (Up 5)
12) admin (New)
13) 1234567890 (New)
14) letmein (Down 7)
15. photoshop (New)
16) 1234 (New)
17) monkey (Down 11)
18) shadow (Unchanged)
19) sunshine (Down 5)
20) 12345 (New)
21) password1 (Up 4)
22) princess (New)
23) azerty (New)
24) trustno1 (Down 12)
25) 000000 (New)

“Password” was the previous undisputed king, and was usurped for the first time by the upstart “123456.” The slightly more ambitious “12345678” remains in third place. What’s most surprising to experts are the additions of “photoshop” and “adobe123,” which refer to the image altering software Photoshop and its maker, Adobe.

“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” says Morgan Slain, CEO of SplashData.

Though many websites are beginning to enforce tighter standards for password strength, numerical sequences remain immensely popular. For maximum security, experts recommend using eight or more characters, including upper and lowercase letters, numbers, and “special” characters, like punctuation. They warn that even some common substitutions, like “sk8erboi,” are still very vulnerable to attacks.

“We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” Slain said.