People never learn. If they did, they wouldn’t use the same weak passwords over and over and over again.

That’s the finding of SplashData, which has just released its annual "25 Worst Passwords of the Year” list. Compiled from files filled with millions of stolen passwords that hackers posted online, the usual suspects retained the top three spots on the list: “password,” “123456” and “12345678.”

Overall, there wasn’t much movement among the top 25 although several new weak passwords made their debuts, including “Jesus” and “ninja.”

Here are the top 25 from SplashData, a leading provider of productivity applications for smartphones:

1.password (unchanged)
2.123456 (unchanged)
3.12345678 (unchanged)
4.abc123 (up 1)
5.qwerty (down 1)
6.monkey (unchanged)
7.letmein (up 1)
8.dragon (up 2)
9.111111 (up 3) (up 1)
11.iloveyou (up 2)
12.trustno1 (down 3)
13.1234567 (down 6)
14.sunshine (up 1)
15.master (down 1)
16.123123 (up 4)
17.welcome (new)
18.shadow (up 1)
19.ashley (down 3) (up 5)
21.Jesus (new)
22.michael (up 2) (new)
24.mustang (new)
25.password1 (new)