Passwords are a cornerstone of security, protecting everything from social media accounts to company secrets. Despite that, '123456' has been the most common online password for four consecutive years.

SplashData has again released its annual list of the 100 most insecure passwords - which no internet user should ever use unless they enjoy getting hacked. It has again confirmed what we are told every year: we never learn.

As you'd expect, "123456" takes the top spot, along with the classic popular choice of idiots, "password", followed by a new yet exceptionally unique entry "12345678". You'll notice it's also quite obvious there are plenty of Star Wars, football and monkey fans out there, the further you get down the list.

"Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars' is a dangerous password to use," said SplashData CEO Morgan Slain. "Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words."

Here's the top 10 worst passwords of 2017. For the complete list of 100, head over to Spashdata's official page.

1. 123456

2. Password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou