A New Year – It May Be Time To Change Your Passwords.
Happy New Year. I hope the new year arrived safely for you.
Unfortunately, your accounts may not feel the same way.
With the beginning of the year, you may want to consider going through your online accounts and changing your passwords, which should be done every six months, but at least once per year. With companies and websites being hacked regularly, there is no doubt that your credentials, including email, usernames and passwords, are being sold around the dark web.
There are several ways to find out which website or company you’ve signed into has been hacked.
One of the best is Have I Been Pwned. You enter your email address(es) into the form and it will tell you which companies that you’ve signed into have been breached. You absolutely should change your passwords to those sites. Another site to use is Avast Hack Check, which operates the same way.
Besides hacks, there are other ways your password could be breached. If a person had your login details (user name, email address) but not your password, they could try to crack your password. If you haven’t changed your password in a while, or if you use the same password at multiple sites, or you use the same password base but only change a number or letter, it probably wouldn’t take long at all for someone to figure out what your password is. Here are a few examples, taking the most commonly used passwords of 2025. And yes, these are still the top five most common passwords being used, hopefully by none of you:
- 123456 would be cracked instantly
- 111111 would be cracked instantly
- admin would be cracked instantly
- qwerty would be cracked instantly
- password would be cracked instantly
Forgive@h3r, which comes up later in this article, would take 400 years to crack.
To see how quickly your passwords could be cracked, you can safely enter them at Security.Org and it will show you the estimated time.
What makes a good password?
- A password should be at least 12 characters long (ideally 16 characters or more); 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters (both uppercase and lowercase), numbers, and special characters.
- You must have a unique password for each online account.
- A password shouldn’t include any of your personal information like your birthday or address, as identity theft and data breaches can compromise such information. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
- A password shouldn’t contain any consecutive letters or numbers (e.g. ABCD, 1234, etc.)
- A password shouldn’t be the word “password” or the same letter or number repeated.
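The checklist above can be turned into a small offline checker. This is an added example, not code from the article or from any of the sites it mentions; the function names, the four-character threshold for a "consecutive" run, and the sample passwords are assumptions made for illustration.

```python
import string

# Top-five list quoted earlier in this article.
COMMON = {"123456", "111111", "admin", "qwerty", "password"}

def has_run(pw, n=4):
    """True if pw contains n consecutive ascending letters or digits (abcd, 1234).
    n=4 is an assumption taken from the article's two examples."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        if (chunk.isalpha() or chunk.isdigit()) and all(
            ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(n - 1)
        ):
            return True
    return False

def check_password(pw, personal=(), used_elsewhere=()):
    """Return the checklist rules that pw breaks (empty list means it passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if not all(classes):
        problems.append("missing a character type")
    if pw in used_elsewhere:
        problems.append("reused on another account")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal information")
    if has_run(pw):
        problems.append("contains a consecutive run")
    if pw.lower() in COMMON or len(set(pw)) == 1:
        problems.append("common or repeated-character password")
    return problems

if __name__ == "__main__":
    # Constructed samples: one from the top-five list, the article's own
    # example, and a made-up passphrase-style password.
    for pw in ("123456", "Forgive@h3r", "Tr4il-Mix&Lantern"):
        print(pw, "->", check_password(pw) or "passes")
```

Run locally, it shows that Forgive@h3r has every character type but, at 11 characters, falls one short of the 12-character minimum in the first rule.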
I recently read an article from Mauricio Estrella. He was going through some life-altering things. Per company policy, he was forced to change his password at work every 30 days.
“I’m gonna use a password to change my life,” he recalls thinking.
He continues:
“My password became the indicator. My password reminded me that I shouldn’t let myself be a victim of my recent breakup, and that I’m strong enough to do something about it.
My password became: “Forgive@h3r”
I had to type this statement several times a day. Each time my computer would lock. Each time my screensaver with her photo would appear. Each time I would come back from eating lunch alone.
In my mind, I went with the mantra that I didn’t type a password. In my mind, I wrote “Forgive her” every day, for one month.”
Changing that password changed the way he thought of his former spouse. It was a recurring refrain, he says, a reminder to forgive her, accept the uncoupling, and embrace a recovery from depression.
“In the following days, my mood improved drastically,” Estrella continues. “By the end of the 2nd week, I noticed that this password became less powerful, and it started to lose its effect. A quick refresh of this ‘mantra’ helped me. I thought to myself I forgive her as I typed it, every time. The healing effect of it came back almost immediately.” You can read the whole article here.
Sound like something you can do? Of course. Think about things weighing on your mind. Turn them into a password and Change Your Life.
Using a Password Manager
If you want a secure password but don’t want to have to remember it each and every time, especially when you have a different secure password for each website, get a Password Manager. It can generate a password for each site, save it and apply it whenever you want to sign into that site. Some of you may be thinking that you can do that for free by allowing the browser to save your passwords. I would highly recommend that you do NOT do that. If someone got onto your computer, it’s very easy to export those password files and save or upload them. A password manager is secure in that even if someone did try to upload the file, the passwords are all encrypted.
Some of the best Password Managers are:
However, if you’re using a different one, for example, I use RoboForm, continue using it. It’s keeping your passwords safe. Also, learn the features. RoboForm will tell me if I’m using the same password on different sites and it will also alert me to sites that have been hacked.
Another benefit to using a password manager is that you can install it on the various devices you use and have access to your passwords when signing in on your computer, phone, tablet, etc.
Multi Factor Authentication (MFA):
You’ve probably used MFA or 2-Factor Authentication when you signed into your bank’s website, or other financial or tax websites.
MFA is a security method where you must prove your identity in two or more different ways before getting access to an account or system. It greatly reduces the chance that someone can break in using only a stolen or guessed password. One way would be your password, but then the second factor kicks in and you get a text or call to your phone with a code. Without that code, you aren’t able to access the site. It protects your login to that site from being hacked.
Why MFA is important:
- Usernames and passwords can be stolen through phishing, data breaches, or reused passwords; MFA adds a second barrier even if those credentials leak.
- Security agencies and major tech providers report that enabling MFA can block the vast majority of automated account‑takeover attacks, making accounts dramatically safer for both individuals and organizations.