Have I Been Hacked? How to Check and Protect Your Accounts

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
11. welcome
12. 1234567890
13. abc123
14. 111111
15. 1qaz2wsx
16. dragon
17. master
18. monkey
19. letmein
20. login
21. princess
22. qwertyuiop
23. solo
24. passw0rd
25. starwars

The amusement one might feel whilst reading this list may also be accompanied by a profound feeling of disbelief. When did we get so stupid? If your password or a variation of it is on this list, give yourself an uppercut. Then go and change it.

What should your password be?

Anything that is too painful to read, let alone remember, is your best bet. If it’s hard for you to remember, it will be just as hard for someone else to hack.

We recommend:

• at least 15 characters
• a mixture of numbers, lowercase and uppercase letters, and punctuation symbols
• a different password for each account

Because passwords are almost always linked to an email address, using the same password everywhere means a single breach can expose all your accounts.
A co‑worker suggested associating each password with a memory: a song title, a line from a poem, a book quote, a movie reference, or an object. It’s a good point — passwords don’t have to be a single word. They can be a phrase or an abbreviation using mixed characters.

Usernames can follow the same guidelines — you don’t have to provide your real name. It’s also a good idea to lie on password security questions. Anyone who knows you well enough probably has all the information they need to take you down.

As demonstrated clearly in an episode of Mr. Robot, gathering this kind of information from something as simple as a Facebook account is way too easy.

How Are We Supposed to Remember the 3,487 Passwords We Need?

If associating smells, colours and sounds doesn’t work for you, not all hope is lost.

Repetition

Repetition will always ingrain something into your mind. You could even develop your own personal format for creating passwords to make them easier to remember.

Write Them Down

Woah, Nelly.

No — don’t write them down unless you live in a deep cavern on the side of a very tall mountain in a remote part of the world where your nearest neighbour is an antelope named Fred.

Writing a password down once and destroying the paper can work, but only if it’s truly destroyed. And please, whatever you do, do not write it on a post‑it note and stick it to your monitor.

Locked Documents

An alternative to a password manager.

A complex master password is essential. This encrypted document can serve the same purpose as a password manager, though you’ll need to manually enter passwords. Ensure the file is backed up externally or remotely.

If you choose this option, use an Excel file from version 2013 onward, as Microsoft increased the hash value and added a salt value for extra protection.

Password Managers

Great — if they aren’t logged in 24/7.

If your password manager is always unlocked, it’s no different to having a book open on your desk with all your passwords written down.

If you choose to use one:

• research the options
• ensure it requires your master password before autofilling
• make your master password complex and memorise it

So. Have you been hacked?

If you think any of your accounts may have been hacked, there are ways to check.

A tried and true favourite is haveibeenpwned.com — enter the email address you commonly use for sign‑ups, and it will check it against known breaches.

Before you do that though, you may want to go and change those passwords.