Yes, "starwars" is an easy password to remember, and that's important when you've got 15 different accounts to log into every month.
But it's a terrible option.
And "starwars" came in at No. 16 on the list, meaning it's a "weak, easily-guessable" phrase, according to SplashData. It's the highest-ranked specific pop culture reference on the list.
“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words," said Morgan Slain, CEO of SplashData.
Here's a look at the 12 worst passwords from the year:
Look through the entire top 100 list and some funny patterns emerge.
What's in a name?
Taking up slots 31-33 are "robert," "matthew" and "jordan," with "daniel," "andrew," "andrea," "buster" and "joshua" following in the top 40.
More names – "maggie," "martin," chelsea," and others – are scattered throughout the rest of the top 100.
Watch your language
Some people like swear words. "A**hole" is No. 34 on the list, while "f**kyou" is No. 52. ("Biteme" at 91 comes from that same well of anger.)
I'll just pick a random noun
Some of the delightfully random objects people used as a password: "monkey," "dragon," "cheese," "tigger," "banana," "cookie" (though maybe that's Empire-related) and "golfer."
How about rows and columns?
Hitting a bunch of keys in a row isn't particularly clever.
"Qazwsx" for example isn't great. Nor is adding the numeral above to make it "1qaz2wsx." Reversing it to "zaq1zaq1" is still bad.
The "qwerty" or "asdf" strings are easily guessable too.
... Come on
No, "password" is not a good password.
"Admin" and "login" ... come on.
And "aaaaaa" – really?
What makes a good password?
SplashData estimated about 10 percent of people have used at least one of the bad passwords on the list. And the CEO Slain said they hope this prompts people to think about better protecting themselves online.
So what's a good password?
Minnesota IT Services suggests at least eight characters, and with a combination of numbers, letters and symbols. (You can throw in some capital letters too.)
Recent research found a longer password is better than a symbol-filled shorter one. The Wall Street Journal wrote about new guidelines that say a memorable string of words is safer than short gibberish.
"Correcthorsebatterystaple" could take 550 years to crack, the story says, while "Tr0ub4dor&3" might take only a few days.