If you’ve been using the same password for your email since your first Hotmail account, it’s time to change. And if that password is also your go-to for your other online accounts, it’s time to change today.

The ‘set and forget’ mentality with passwords is changing as people increasingly realise the importance of strong passwords for protecting your personal information online.

In August this year 711 million email addresses were publicly released in the Onliner Spambot credentials dump – the largest list yet of email addresses and compromised login credentials. We can’t be sure where the list came from, and some of the credentials appear to be from previous lists that have been made public.


But what is clear is that the list was released to help hackers use the email addresses and passwords for ‘credential stuffing’– where attackers try email and password combinations on different websites to see where passwords have been reused, to gain access to people’s personal information and bank accounts.


If you’ve used different passwords for each of your accounts, credential stuffing won’t work. But if you use the same password for different accounts, a hacker only has to figure out one password to get access to the others.

Powering up your passwords is one of the top things you can do to protect yourself from cybercrime.

Make your passwords super strong 

  • Use a different password for every online account you have.
  • Make your passwords long and strong – a string of four or more words is just as strong as a 10-character password that uses a mix of numbers, letters and symbols.
  • Don’t use personal information –  details like your date of birth, your address and your pet’s name are the first thing attackers check when they’re trying to hack into people’s accounts.
  • Keep your passwords safe and don’t share them with anyone.
  • If you’re worried about remembering your passwords, use a password manager – that way you only have to remember one login.


For more tips on stepping up your cyber security, go to www.cert.govt.nz/cybersmart