Step 1: Change your password

This is perhaps the most painful of all security suggestions – the idea that you should not only choose a new password, but also do so regularly. The fact is, websites get hacked all of the time, and if you’ve used the same password across multiple websites for a long time, there’s a good chance that someone out there has your password, and it’s connected to your email address. Changing your password is the only way to prevent them from using it.

There’s always been a lot of debate about what makes the best password. Numbers, special characters, capitalization, long phrases – honestly, anything you can do to make your password more complex is going to make it more difficult for bad actors to access your accounts. I know it’s painful, but give up that decade-old password now and start with something a little more complex.

To this day, the most common passwords on the internet are “123456” and “password”. Please just stop doing that. Now!

Tips for creating a new password

  • Avoid names of family members or pets
  • Use at least 12 characters, including numbers, symbols, and mixed capitalization
  • Never reuse an old password


  • Good: Use a long phrase such as “theoldpenguinateahamburger”
  • Better: Add a random character to it like “theoldpenguinate9ahamburger”
  • Best: Do more to it: “TheOldPenguin9AteAHamburger!”
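
The tips above written as a small checker and run against the article's own example passwords. This is an added example, not part of the original article; the function name `check_password`, the pet name "Rex" and the old-password list are constructed for illustration.

```python
import string

# The two passwords the article names as the most common on the internet.
COMMON_PASSWORDS = {"123456", "password"}


def check_password(candidate, personal_names=(), old_passwords=()):
    """Return the list of tips from the article that `candidate` fails.

    personal_names: names of family members or pets to avoid (caller-supplied).
    old_passwords:  passwords used before; assumption: the user checks these
                    locally, nothing is stored or sent anywhere.
    """
    problems = []
    lowered = candidate.lower()

    if lowered in COMMON_PASSWORDS:
        problems.append("is one of the most common passwords")
    for name in personal_names:
        if name and name.lower() in lowered:
            problems.append(f"contains the name '{name}'")
    if len(candidate) < 12:
        problems.append("is shorter than 12 characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("has no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("has no symbol")
    if not (any(c.islower() for c in candidate)
            and any(c.isupper() for c in candidate)):
        problems.append("has no mixed capitalization")
    if candidate in old_passwords:
        problems.append("reuses an old password")
    return problems


if __name__ == "__main__":
    # Constructed sample input: the article's own example passwords.
    samples = ["123456", "theoldpenguinateahamburger",
               "theoldpenguinate9ahamburger", "TheOldPenguin9AteAHamburger!"]
    for pw in samples:
        failed = check_password(pw, personal_names=["Rex"],
                                old_passwords=["123456"])
        print(pw, "->", failed or "passes every tip")
```

Each step from “Good” to “Best” clears more of the checks: the plain phrase is long enough but has no number, symbol or mixed capitalization, while the last version passes all of them.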

Don’t forget to change your password regularly. With most email providers, you’re only going to need to enter the password once a month to keep your connection active, so you won’t need to use it daily… just don’t forget it!

Here are links to some password change instructions for major email providers:

You’ll also want to ensure that you do not use your e-mail password for any other website or service. Though most security experts will say otherwise, there are times when it’s okay to use a password on multiple websites, but your e-mail account password is protecting too much information to risk using it twice.

Privacy Tip: Want to see if your account information has ever been stolen? Visit ';--have i been pwned? and search for your e-mail address. It’ll let you know what services exposed your information and what was likely included.

Google Chrome users – consider installing Password Checkup, a Google-created tool that will let you know if your account information has been revealed in a data breach. When you log into a service, it’ll let you know that you should change your password. But here’s the really annoying part – when you learn that your account information was breached, you’re going to need to change that password on EVERY account you’ve used it on. Hackers will often try the same username and password combinations across multiple websites.