Be Secure Online Blog

Looking to change your passwords? Here's how it might go.


What's a girl to do, so many passwords, and too little time.

Changing twelve years' worth of passwords wasn't as bad as we thought. Have you had the same password — for everything — for over a decade?You might wonder how you have survived this long without your identity being stolen!

Are you too scared to log out of Facebook for fear you might never get back in? Have recent data breaches got you thinking about security and identity online? Is it now time to get yourself together? Here's what sorting out 12 years of passwords might look like.

Our Business Service! Book 30 min demo Now!

Change #Passwords for the better

Lesson 1: Do your research

Start by reading up on password management. Yep, a snooze fest.

The key takeaways were that you shouldn't have the same passwords for everything (fail), that they shouldn't be related to anything personal (fail again), and that you should try passphrases, not words.

A passphrase is like it sounds — instead of using password123, you could use 'Tubbylikesbeans'. Or something slightly more complex.Troy Hunt, the online security expert, suggests using a password manager to store all the different passwords for all your accounts and create a strong passphrase. To get set up read through a good password manager buying guide, and ask a few tech-head friends what they do. Decide whether to go for a paid service or one of the free options. Then narrow choices down to two managers.

Don't get lost in the "special features" of each. Try one brand for an hour and if its functionality drives you insane, quit. Switch to the other (migrating between managers is straightforward).

Time spent: Around an hour and 30 minutes, including my software change.

Lesson 2: Importing passwords is easier than you think

Sorting out my passwords is not logging on to every single website I use, changing my password to something more complex, and then writing that new password in my manager. Passwords all over the place! And in most cases, those lists of auto-fill passwords are exported to a spreadsheet. Then import them back into your new password manager. 

117 logins saved on your internet browser, 55 on your phone, 18 in my work password manager and 7 in my Google account. Not as bad as expected! Auto-importing all of those logins only took 10 minutes.

Time spent: 10–15 minutes.

Lesson 3: Human passwords are not to be trusted

Most of us can barely remember bin day, let alone all our passwords. Which is why we cheat passwords. 

If you are a genius, you will 

  1. Replace the letter 'i' with an ! or a 1. 
  2. Writing 'a' as @. A common and easily hackable error.

Of the 197 logins you may import (many of which were copies anyway), the password manager's security feature will probably say at least 160 of them were 'At-Risk,';

1. Too simple 
2. Re-used.

So they got changed. The password manager helped generate secure new passwords — something catchy, like fseh908uio4hf. When changed, it would automatically save the new password. While you'll never remember a bunch of gibberish passwords, the password manager syncs across all my devices — so I only need to remember my master passphrase. Then find or auto-fill any convoluted password you want.

Time spent: Changing hundreds of passwords  hours!

Lesson 4: I have signed up for a lot of websites

Out of your mountain of at-risk logins, you probably only use between 10 and 20 websites regularly.

Keeper password service, MSP,

How to avoid getting hacked

From passwords to phishing, hackers can catch you on social media. Here's what you can do to minimise the risks.

The logins included online shopping brands and streaming services that had personal debit cards saved. Medical websites I used to book appointments with my doctor and dentist. People tend to use the same login details for these sites as for random websites you have no memory of signing up for. People usually only find these accounts, as they were part of the 'at-risk' login list.

Logging on to these sites during the clear-out. People discover they not only have your password but your date of birth and your address. Going through and working out how to delete these accounts took a lot longer than the password resets but felt even more essential. And these are just the sites that were auto-saved — how many more out there have my details?

Time spent: Days! Often there was no 'deletebutton, and emails sent and confirmed back.

So was it worth it?

While some parts of this task have been easier than I expected, overall, it's been quite exhausting.

It's taken hours to sort through everything. It's been fiddly and would hurt any non-tech brain.

But! It felt worthwhile, a task that needed doing.

No more worrying about being hacked. No more stupid, dangerously easy passwords which you have to remember. No more thinking up new ways to spell the dog's name with special characters.

Articles of Interest

Articles, links and connections from the BeSecureOnline site you might find interesting.    

What is a VPN? 

8 good reasons to use a proper password manager

Ransomware - To pay or not to pay - Ransomware

German Insurer Allianz says  - Businesses fear a catastrophic IT failure the most

Cybersecurity Essentials for Business

Comments are closed for this post, but if you have spotted an error or have additional info that you think should be in this post, feel free to contact us.


Get the latest updates in your email box automatically.