If you answer yes to any of the following questions, you should change your passwords on your online accounts right now!

  1. Do you use the same email address and password on different online accounts?
  2. Do you use simple short passwords? (Check out the top 25 lower down)
  3. Do you use the same password but increment the number each time you need to change it?
  4. Have you had the same password for a long time?

What's the problem?

If you did answer yes to any of the above questions, you are putting your personal data and possibly financial data at risk.

There is a chance your email addresses and passwords have already been compromised in one of the many hacks that have happened.

Some of the high profile data breaches are:

  • MySpace: 359,420,698 accounts
  • LinkedIn: 164,611,595 accounts
  • Adobe: 152,445,165 accounts

The email addresses and passwords are usually put up for sale in the dark corners of the internet.

You can check if you your account details have been compromised in a data breach by using the site haveibeenpwned. You just enter your email address and it will tell you if your email address was included in any of the breached data.

Here is a list of the top 25 worst passwords from 2015 according to SplashData

  1. 123456 (Unchanged)
  2. password (Unchanged)
  3. 12345678 (Up 1)
  4. qwerty (Up 1)
  5. 12345 (Down 2)
  6. 123456789 (Unchanged)
  7. football (Up 3)
  8. 1234 (Down 1)
  9. 1234567 (Up 2)
  10. baseball (Down 2)
  11. welcome (New)
  12. 1234567890 (New)
  13. abc123 (Up 1)
  14. 111111 (Up 1)
  15. 1qaz2wsx (New)
  16. dragon (Down 7)
  17. master (Up 2)
  18. monkey (Down 6)
  19. letmein (Down 6)
  20. login (New)
  21. princess (New)
  22. qwertyuiop (New)
  23. solo (New)
  24. passw0rd (New)
  25. starwars (New)

If your password is any of the above, you should definitely change it. Some hackers blast through a list of email addresses or usernames, testing them against the most common passwords. 

What should you do now?

My advice is to change all of your passwords to secure ones, and make sure they are different for each site.

Ideally, you should use a long password (16 characters or more) with combinations of uppercase, lowercase, numbers and special characters. Short and simple passwords are very easy to hack.

Choosing a new password can be tedious and tricky when trying to come up with a password which passes the different rules that different sites use, so I created a free tool which lets you choose which types of characters you need to include in your new password and then it generates one for you. Password Generator

To manage all of these passwords, you can use a service like LastPass which stores all of your passwords in a secure vault and it uses a high level of encryption. There are even some password manager services that change your password for you periodically with these other sites, so you don't even know what your password is.

I've started to just use the forgotten password functionality on most sites these days, so I can set a new password, use it at the time, forget about it and when I need to login again another day, just use the forgotten password process again.

Look after your friends and family's security online, make sure they are aware of this and get them to secure their accounts.

Want to thank me?

If I've helped you out and you want to thank me, why not buy me a coffee?

Buy me a coffee

About the author

Paul Seal

Umbraco MVP and .NET Web Developer from Derby (UK) who specialises in building Content Management System (CMS) websites using MVC with Umbraco as a framework. Paul is passionate about web development and programming as a whole. Apart from when he's with his wife and son, if he's not writing code, he's thinking about it or listening to a podcast about it.

Related Posts

How to fix the error "Authentication failed because the remote party has closed the transport stream"

This post will show you how to fix the error "Authentication failed because the remote party has clo…

Read Post

Boosting your career by creating a personal brand

In this post I share the content of the talk I did at the Umbraco UK Festival 2018 about how to boos…

Read Post

How I doubled the traffic to my website in 4 simple steps

In the space of 2 months, I doubled the traffic on my website, and the increase was all Organic traf…

Read Post

How to solve the GitHub error fatal: HttpRequestException encountered

GitHub has been upgraded from using TLS 1.0 to TLS 1.2 and it has caused issues for people. This pos…

Read Post