The word “password” and the numbers "123456” are yet again the most commonly used passwords, according to an annual ranking of the worst passwords to use by software company SplashData.

But another password made the list for the first time this year: “donald.”

SplashData analyzed more than 5 million passwords that were leaked on the Internet, and just like the seven previous years the company has reviewed the data, people continue to set predictable, easy-to-guess passwords that rely on strings of letters and numbers that are close to each other on computer keyboards, according to a news release.

In addition to perennial favorites, such as “1234567” and “12345678,” the list of ill-advised passwords for 2018 included newcomers "!@#$%^&*″ (the special characters that correspond to 12345678, ranked 20th) and “donald,” ranked 23rd.

The popularity of “football” (16th) fell seven spots from last year’s list, “princess” (11th) returned after taking a hiatus, and “iloveyou” was unchanged, rounding out the top 10 worst passwords. The company estimates that nearly 10 percent of people online have used at least one of the worst 25 passwords on the list.

“Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations,” SplashData chief executive Morgan Slain said.

Undeterred from the most basic security advice, millions of people keep using the same weak passwords, according to SplashData. The analysis found that “123456” and “password” were the most commonly used passwords for the fifth year in a row, and the next five most widely used passwords were just short strings of consecutive numbers, or simply the same number typed over and over again, like the sixth worst password on the list: “111111.”

People who use these passwords put themselves “at substantial risk of being hacked and having their identities stolen,” the company said. SplashData said it puts out its annual list to encourage people to set stronger passwords, pointing to the recent hacks of Marriott and the National Republican Congressional Committee, to urge computer users to protect themselves.

The company recommends that people use passphrases made up of 12 mixed characters; set up different unique passwords for the various accounts that require a login; and take advantage of a password management tool.

On Thursday, The Washington Post’s technology columnist wrote an 8-step guide on how consumers can protect themselves as they shop online this holiday season and earlier this year reviewed the best password managers.