In the digital age, the number of passwords you need to remember keeps increasing, and even though we are told each one needs to be different, that is more easily said than done.
Not only are we told to use a different password for every account, we are also told each one should be a random combination of numbers and letters to ensure the utmost security.
If you are someone who uses the same password for everything and maybe chucks a number on the end every once in a while, then you are definitely not alone — but there are some daunting new figures that might make you rethink your strategy.
Have I Been Pwned is a website that allows users to enter their online details into a search box, which then tells them if their passwords have previously been compromised by data breaches.
As well as telling you if your data has been breached, it keeps a database of the passwords that have been exposed in known data breaches.
The top 100 passwords that have proved to be most vulnerable to these breaches are compiled in this list:
If you spotted your password on the list, or one that was a little too close for comfort, don’t panic — but there are some things you should do right away.
1. If your password is on the list, change it.
2. Use the website to search for any of your other details, like an email address, to see if they have been compromised, and change them if necessary.
3. If you don’t want to have different passwords for every login, at least make sure the password for your email account is completely unique and you don’t use it anywhere else.
4. Use a mix of upper- and lower-case letters, numbers and symbols to create a secure password.
In a blog post, the founder of Have I Been Pwned, Troy Hunt, said that if you can see a password has been breached before, you shouldn’t use it, even if it is one you hadn’t previously used yourself.
“If the password alone comes back with a hit on this service, that’s a very good reason to no longer use it regardless of whose account it originally appeared against,” he wrote in the blog.
“As well as people checking passwords they themselves may have used, I’m envisaging more tech-savvy people using this service to demonstrate a point to friends, relatives and co-workers: ‘You see, this password has been breached before, don’t use it.’”
Adobe, LinkedIn, MySpace and Ancestry.com are just some of the major networks that have had their users’ data exposed in breaches.
Hunt also added that, though the service is useful, it might not be the best idea to test out a password that you are currently using and don’t want to change.
“It goes without saying (although I say it anyway on that page), but don’t enter a password you currently use into any third-party service like this!” he said.
“I don’t explicitly log them and I’m a trustworthy guy, but yeah, don’t.”
“The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should be using any more.”