SplashData has released its fifth annual “Worst Passwords List,” and it’s a welcome reminder that computer passwords should be taken seriously. Typing them in takes up your time, yes, but it’s better safe than sorry, especially in the medical industry.

If you think some of your passwords might be too weak, here are a few tips to help beef them up a bit: Some of them are courtesy of SplashData’s list, and others are just personal favorites.

1. Think of something original

The four most common passwords in 2015 were “123456,” “password,” “12345678,” and “qwerty.” You can do better than this. Think of something applies only to you, and throw a number in there somewhere.

(Note: “football,” “baseball,” “dragon,” “master,” “monkey”—yes, “monkey”—and “princess” also made the Top 25 list. Avoid these, no matter how much you love football, baseball, or...monkeys.)

2. Avoid obvious pop culture references

Don’t reference a widely-known piece of pop culture with your password. “Starwars” and “solo” both made the SplashData list this year, but attackers watch movies just like anyone else.

Don’t give over access to your department’s medical data just because someone noticed your Chewbacca bobblehead and made a good guess. Don’t let The Dark Side win.

3. Embrace the 12-character password

All computer passwords should be a minimum of 12 characters, even if the website or application in question lets you get away less.

Be warned, though, that simply adding characters will not be enough. According to Morgan Slain, SplashData CEO, extra characters only help if they’re not too easy to predict.

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” Slain said in a statement that accompanied the Top 25 list.

In other words, changing your password to “monkeymonkey” won’t solve all of your problems. (I’m sorry.)

4. Use a variety of passwords

Avoid using the same password for every website or application. It’s inconvenient, sure, but your personal laptop and the hospital’s computer system need different passwords.

Worried about remembering them all? Keep a list somewhere secure, or use an online password manager.

5. Post-it Notes are a bad idea

That bright yellow piece of paper stuck to your monitor? It’s not doing you any favors.

If you can read your password for a quick reminder, so can anyone else. Avoid Post-it Notes when it comes to online security.