Do you have one of the worst passwords of 2017?

Many sites require a password to login. While users are encouraged to make strong choices, some codes still end up stolen. So which combinations are the worst?

»RELATED: If your password is on this list, you need to change it now

SplashData, a company that provides security applications and services, recently conducted a study to find out. By using data from 5 million leaked passwords from users in North America and Western Europe, the site compiled its annual "Worst Passwords of the Year" list.

The No. 1 most used password was “123456”, followed by “Password.” Those two took the top two spots last year, too.

Third place went to “12345678,” “qwerty” was No. 4 and “12345” was No. 5, which was down two spots from last year.

While there were several repeats from 2016, there were also some first time offenders on the round-up. One included “starwars,” which was No. 16 and another was “dragon,” which was No. 18.

So what’s the best way to prevent a hack attack? Researchers recommend using a combination of 12 characters with a mix of upper and lowercase letters. They also suggest changing them for various websites.

»RELATED: Equifax, software maker blame each other for opening door

Take a look below for the 20 worst passwords of 2017.

1. 123456

2. Password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

11. admin

12. welcome

13. monkey

14. login

15. abc123

16. starwars

17. 123123

18. dragon

19. passw0rd

20. maste

»RELATED: Georgia gains reputation for going after dark web criminals