In a day and age where digital breaches and stolen data are a constant threat, millions of people still use the word "password" as their online password.
However, that ill-advised password doesn't even claim the crown as the worst password of 2016, according to the annual list of the 25 worst passwords released by SplashData.
For the sixth straight year, the password "123456" took the cake when it comes to putting users at a high risk of identity theft.
The list by SplashData is compiled using more than five million passwords that were leaked last year. Many of them are variations of the top two, such as "passw0rd" and "12345."
"Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies," Morgan Slain, CEO of SplashData, Inc., said in a release. "Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites."
RELATED: The No. 1 emoji of all time is…
There also was a little bit of "Star Wars" flavor when it came to guessable passwords, including "princess" and "solo." The newest additions "hottie," "loveme," and "flower."
The strangest one on the list was "zaq1zaq1," but it becomes apparent when you realize it's just the left column of the keyboard.
Besides not being the type of person who uses "password" as a password, SplashData recommends using passwords of eight characters or more with different types of characters (numbers, symbols, etc.).
The company also recommends not using the same password for multiple websites, and using a password manager to generate random and protected passwords.
Follow TODAY.com writer Scott Stump on Twitter.