What do you think the most commonly used passwords are? Now, after you’ve generated that mental list, as yourself: Is my password secure? Maybe it’s the name of a childhood pet that no one else would know. Or maybe it’s a word with numbers in the place of letters or a phrase that you can remember, but you think no one else can.

Think again.

Here are the top 25 most commonly used passwords of 2015, which were released by SplashData earlier this year:

• 123456
• password
• 12345678
• qwerty
• 12345
• 123456789
• football
• 1234
• 1234567
• baseball
• welcome
• 1234567890
• abc123
• 111111
• lqaz2wsx
• dragon
• master
• monkey
• letmein
• login
• princess
• qwertyuiop
• solo
• passw0rd
• starwars

Now, before you start patting yourself on the back for having a password that’s, a) not on that list and, b) way more complicated, consider this: We humans are bad at making uncrackable passwords. Like, really bad. And guess what? Computers are great at cracking them — really great.

According to Andrew Saunders in Secure Thoughts, it’s pretty near to impossible to win the cyber criminals vs. civilians war if you’re using a common password configuration. For example, if your password is six lowercase letters, Saunders says that it would take a cyber criminal using a freely available password cracking software only 3.2 seconds to figure it out. That’s because that software — which isn’t even the top of the line — can make one hundred million guesses per second. Per second! The software can come up with one hundred million possibilities in the time it takes you type out your simple password.

And when we look at the higher end software that cyber criminals have developed in order to get access to your password, that speed goes up to 350 billion passwords per second. Saunders point out that, with that kind of speed, there’s basically no way your password won’t be guessed, even if it’s a letter/number substitution one like, for example, F00tB4ll.

Here’s another thing you might not know: When cyber criminals are attempting to break into your accounts, they’re not doing it by entering random passwords into the login page, like you see on TV. Instead, they’re going for the master lists that every website has of the passwords used to access their site. Most of these lists are encrypted with a system called a “hash” but, unfortunately, those aren’t totally secure either. That’s because a good cyber criminal can figure out what algorithm was used to create the hash and, once that’s done, any simple password is doomed.

So what can you do?

Saunders says that there’s really one way to make sure that your password is secure and that’s using a random password generator that comes up with something like this: J23lkj2464GSFkll877. But you’re probably looking at that and thinking, “Um, there’s no way I’ll be able to remember that!” And you’re right! Secure passwords are effective because they’re near-to-impossible to remember or figure out. That’s why companies like LastPass and 1Password exist. They’ll not only generate secure passwords for you, but also store them. All you have to remember is one master password in order to get access to all of your passwords.

Which brings us to the final step in securing your passwords: Choosing that master password. Saunders recommends a program called DiceWare, which “rolls the dice” and gives the user a 5-digit number that corresponds with a word. He suggests doing this a few times for a random assortment of words that are possible for you to remember, but difficult for a cyber criminal to guess.

So from now on, don’t let yourself get lazy and use one of those 25 most common passwords. You know better than that.

Photo courtesy of @petritzdesigns.