If you answer yes to any of the following questions, you should change your passwords on your online accounts right now!

  1. Do you use the same email address and password on different online accounts?
  2. Do you use simple short passwords? (Check out the top 25 lower down)
  3. Do you use the same password but increment the number each time you need to change it?
  4. Have you had the same password for a long time?

What's the problem?

If you did answer yes to any of the above questions, you are putting your personal data and possibly financial data at risk.

There is a chance your email addresses and passwords have already been compromised in one of the many hacks that have happened.

Some of the high profile data breaches are:

  • MySpace: 359,420,698 accounts
  • LinkedIn: 164,611,595 accounts
  • Adobe: 152,445,165 accounts

The email addresses and passwords are usually put up for sale in the dark corners of the internet.

You can check if you your account details have been compromised in a data breach by using the site https://haveibeenpwned.com/You just enter your email address and it will tell you if your email address was included in any of the breached data.

Here is a list of the top 25 worst passwords from 2015 according to SplashData

  1. 123456 (Unchanged)
  2. password (Unchanged)
  3. 12345678 (Up 1)
  4. qwerty (Up 1)
  5. 12345 (Down 2)
  6. 123456789 (Unchanged)
  7. football (Up 3)
  8. 1234 (Down 1)
  9. 1234567 (Up 2)
  10. baseball (Down 2)
  11. welcome (New)
  12. 1234567890 (New)
  13. abc123 (Up 1)
  14. 111111 (Up 1)
  15. 1qaz2wsx (New)
  16. dragon (Down 7)
  17. master (Up 2)
  18. monkey (Down 6)
  19. letmein (Down 6)
  20. login (New)
  21. princess (New)
  22. qwertyuiop (New)
  23. solo (New)
  24. passw0rd (New)
  25. starwars (New)

If your password is any of the above, you should definitely change it. Some hackers blast through a list of email addresses or usernames, testing them against the most common passwords. 

What should you do now?

My advice is to change all of your passwords to secure ones, and make sure they are different for each site.

Ideally, you should use a long password (16 characters or more) with combinations of uppercase, lowercase, numbers and special characters. Short and simple passwords are very easy to hack.

Choosing a new password can be tedious and tricky when trying to come up with a password which passes the different rules that different sites use, so I created a free tool which lets you choose which types of characters you need to include in your new password and then it generates one for you. Password Generator

To manage all of these passwords, you can use a service like LastPass which stores all of your passwords in a secure vault and it uses a high level of encryption. There are even some password manager services that change your password for you periodically with these other sites, so you don't even know what your password is.

I've started to just use the forgotten password functionality on most sites these days, so I can set a new password, use it at the time, forget about it and when I need to login again another day, just use the forgotten password process again.

Look after your friends and family's security online, make sure they are aware of this and get them to secure their accounts.

Paul Seal

Umbraco MVP and .NET Web Developer from Derby (UK) who specialises in building Content Management System (CMS) websites using MVC with Umbraco as a framework. Paul is passionate about web development and programming as a whole. Apart from when he's with his wife and son, if he's not writing code, he's thinking about it or listening to a podcast about it.

Proudly sponsored by


  • Moriyama build, support and deploy Umbraco, Azure and ASP.NET websites and applications.

  • CI/CD service for Windows, Linux and macOS
  • Build, test, deploy your apps faster, on any platform.

  • Custom stickers for startups, artists and brands.
  • Bespoke easy-apply, removable, custom brand stickers printed in the UK.

  • elmah.io is the easy error logging and uptime monitoring service for .NET.
  • Take back control of your errors with support for all .NET web and logging frameworks.
uSync Complete

  • uSync.Complete gives you all the uSync packages, allowing you to completely control how your Umbraco settings, content and media is stored, transferred and managed across all your Umbraco Installations.

  • More than a theme for Umbraco CMS, take full control of your content and design with a feature-rich, award-nominated & content editor focused website platform.