More than 23 million people have used the world’s most hackable password.

How many passwords do you have to remember? Email accounts, social media platforms, online bill pay, online banking and online retailers all require passwords. For convenience, over 23 million of us chose 12345 as a password and ended up being hacked. This is the worst password according to the National Cyber Security Center in the U.K, followed by 123456789 and qwerty. Even worse, we use 12345 as a password for multiple accounts, making it easy for cybercriminals to gain access to multiple accounts. Never use the same password in more than one place.

First, criminals will try a dictionary attack which tries common passwords, such as 123456 and 111111, then words from a dictionary. Using a brute-force attack, where software tries every possible combination of numbers and letters, a cybercriminal using readily available software can crack a six character password in one hour. If you use symbols in addition to numbers and letters, it can take up to 11 hours. Cyber security experts suggest using a nine character password with numbers, letters and symbols as it would take 1000 years to crack the password. As cyber criminals develop new cracking software and gain access to faster computers in a bot network, they will be able to get passwords faster.

Use a password manager and secure password to keep track of all your passwords, and then you will only have to remember one password. Another alternative is using three words that don’t make sense together but which you can remember. For the ultimate in cyber security, you can also go old school and write your nine to 11 character passwords down in a notebook and keep it in a secure place.